Responsible Disclosure Policy
Overview
At Loandisk, the security of our cloud-based loan management ecosystem and the data of our users is our highest priority. We welcome feedback from security researchers and the broader community to help us maintain a secure platform.
How to Report a Vulnerability
If you discover a security vulnerability or potential threat within Loandisk, please notify us immediately by emailing security@loandisk.com.
Please provide a detailed description of the issue, including:
- Steps required to reproduce the vulnerability (proof-of-concept scripts or screenshots).
- The potential impact of the vulnerability.
Our Commitments (Safe Harbor)
If you act in good faith and adhere to this policy during your research, Loandisk commits to:
- Acknowledging receipt of your report within 48 hours.
- Working actively to validate and remediate the issue.
- Safe Harbor: Not initiating legal action or involving law enforcement against you, provided you do not access, modify, or delete user data, or disrupt our services (DoS/DDoS).
Scope
This policy applies to the Loandisk platform and the services we operate, including www.loandisk.com, the staff, borrower, investor and collection-sheet portals, and our public API. Vulnerabilities in third-party services we rely on (for example payment gateways, email, or cloud hosting providers) should be reported directly to those providers under their own disclosure programs.
Guidelines for Researchers
To keep your research within Safe Harbor, please:
- Only test against your own account or accounts you have explicit permission to use — never access, modify, or delete data belonging to other users.
- Avoid any activity that degrades or disrupts the service, such as denial-of-service, spam, or automated scanning that overloads our systems.
- Do not use social engineering, phishing, or physical attacks against our staff, users, or facilities.
- Give us a reasonable opportunity to investigate and remediate before disclosing any details publicly.
- If you encounter any personal or user data during testing, stop immediately and let us know in your report.
Recognition
Loandisk does not currently operate a paid bug-bounty program. We are, however, grateful for every good-faith report, and we are happy to publicly acknowledge researchers who help us improve the security of the platform, with your permission.
Last updated: July 2026. For any questions about this policy, contact security@loandisk.com.
© Loandisk 2026. All Rights Reserved. Cirratek Pty Ltd, ACN 690 716 217