For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
AI agentsStatus PageContact sales
HomeGuidesDeveloper ToolsChangelogsCookbooks
HomeGuidesDeveloper ToolsChangelogsCookbooks
    • Payabli overview
    • How money moves
    • Payabli glossary
    • Getting started
    • Docs feedback
  • Accept payments
    • Pay In concepts
  • Send payments
    • Pay Out concepts
  • Manage payment operations
    • Pay Ops overview
    • Access PartnerHub or PayHub
  • Cross-product features
    • Creator tool
  • Trust and security
    • Trust center
    • Vulnerability disclosure policy

© 2026 Centavo, Inc. All rights reserved | Centavo (DBA Payabli) is a registered Payment Facilitator of PNC Bank, N.A., Pittsburgh, PA. Payabli is a registered ISO/MSP of Merrick Bank, South Jordan, UT.

PayabliTest Cards & AccountsPay In StatusesPay Out StatusesTrust Center
LogoLogo
AI agentsStatus PageContact sales
On this page
  • Our commitment
  • Scope
  • Out of scope
  • How to report a vulnerability
  • Responsible disclosure guidelines
  • Safe harbor
  • Rewards and recognition
  • Policy changes
Trust and security

Vulnerability disclosure policy

How to report security vulnerabilities to Payabli
|View as Markdown|Open in Claude|
Was this page helpful?

At Payabli, the security of our platform, customers, and partners is a top priority. We value the security community and encourage responsible disclosure of potential vulnerabilities in our systems.

This policy outlines how to report security issues to Payabli and what you can expect from us in return.

Our commitment

If you identify a security vulnerability and report it to us in accordance with this policy, Payabli commits to:

  • Acknowledge receipt of your report within a reasonable timeframe
  • Investigate the issue promptly
  • Work to remediate validated vulnerabilities based on severity and risk
  • Not pursue legal action for good faith security research conducted in accordance with this policy

We appreciate responsible disclosure and collaboration that helps improve our security posture.

Scope

This policy applies to vulnerabilities in:

  • Publicly accessible Payabli websites
  • Public APIs and developer endpoints
  • Applications and services owned and operated by Payabli

Out of scope

The following aren’t covered by this policy:

  • Third-party vendors, partners, or integrations not owned by Payabli
  • Social engineering, phishing, or physical testing of employees
  • Denial of service (DoS/DDoS) testing
  • Automated scanning that degrades performance
  • Any testing that violates applicable law

If you aren’t sure whether a system is in scope, contact us before proceeding.

How to report a vulnerability

Submit vulnerability reports to vulnerability@payabli.com.

To help us triage quickly, include:

  • A detailed description of the issue
  • Affected URL, endpoint, or system
  • Steps to reproduce
  • Proof of concept (screenshots, request/response samples, etc.)
  • Any potential impact you identified
  • Your contact information

We request that you refrain from public disclosure until we’ve had a reasonable opportunity to investigate and remediate.

Responsible disclosure guidelines

We ask that you:

  • Act in good faith
  • Avoid accessing, modifying, or exfiltrating customer data
  • Limit testing to what’s necessary to demonstrate the vulnerability
  • Cease testing immediately if sensitive data is encountered and notify us
  • Don’t attempt privilege escalation, persistence, or lateral movement

Testing that causes service disruption or operational impact isn’t authorized.

Safe harbor

If you conduct research in good faith and in accordance with this policy, Payabli won’t pursue legal action related to your findings.

This safe harbor applies only to activities that comply with this policy and applicable laws.

Rewards and recognition

Payabli doesn’t operate a formal bug bounty program.

We may, at our sole discretion:

  • Provide public recognition (with your permission)
  • Offer non-monetary acknowledgment
  • Provide discretionary compensation

Submission of a report doesn’t create an entitlement to compensation. Any reward or payout is determined solely at Payabli’s discretion.

Policy changes

Payabli reserves the right to modify or terminate this vulnerability disclosure policy at any time.