BaseServ Limited | Version 1.0

Security Vulnerability Disclosure Policy

At BaseServ, safeguarding our systems and customer data is a core priority. We welcome responsible security research and appreciate reports from individuals who help us identify potential weaknesses.

This policy explains which assets are in scope, the expectations for researchers, and how to submit vulnerability reports. By submitting a report, you acknowledge and agree to follow the guidelines described below.

1. Scope of Testing

This policy applies to digital assets that are owned and maintained by BaseServ, including:

  • billingserv.com
  • demo.onlinebillingform.com
  • id.baseserv.com

Any systems, services, or infrastructure not specifically listed above are considered out of scope.

2. Research Guidelines

To ensure responsible testing, you must comply with the following requirements:

  • Do not perform actions that could negatively impact our services, infrastructure, or users. Prohibited activities include (but are not limited to) denial-of-service attacks, spam, automated abuse, or social engineering.
  • Do not access, download, alter, or delete data that does not belong to you. If you unintentionally encounter sensitive or non-public data, stop testing immediately and report the issue.
  • Do not publicly disclose any vulnerability until we have confirmed that it has been resolved.
  • Provide clear, step-by-step reproduction details so our team can validate and remediate the issue. Reports lacking sufficient information may not be actionable.
  • Conduct all research ethically and without intent to exploit or financially benefit from the vulnerability.

3. Submitting a Report

If you discover a potential security issue, please notify us as soon as possible by:

If possible, please use encryption (such as PGP) when sharing sensitive details.

When reporting, include:

  • A detailed description of the issue
  • Steps to reproduce
  • The affected URL or system
  • Any proof-of-concept material (screenshots, logs, etc.)

4. Safe Harbor Commitment

If you comply with this policy and act in good faith:

  • We will not pursue legal action related to your research.
  • We will investigate and address the issue in a timely manner.
  • We will treat your report confidentially.

This safe harbor applies only when all policy guidelines are followed.

5. Compensation

At this time, BaseServ does not operate a formal bug bounty program. While we may choose to acknowledge or reward contributions at our discretion, submission of a report does not entitle you to compensation.