Pina MapinaPina Mapina

Security & Responsible Disclosure

Last updated: July 9, 2026

We take the security of Pina Mapina and the people who use it seriously. If you believe you have found a security vulnerability in this website or its infrastructure, we welcome your report and will work with you to understand and resolve it quickly.

How to report

Email contact@pinamapina.com with a clear description of the issue, the steps to reproduce it, and the potential impact. A minimal, non-destructive proof of concept is enough — please do not go further than necessary to demonstrate the problem.

Our security.txt is published at /.well-known/security.txt.

Scope

  • The pinamapina.com website and its public API endpoints (for example, the waitlist endpoint).
  • The infrastructure that directly serves pinamapina.com.

Third-party services we rely on (our cloud provider, analytics, identity providers, and similar) are out of scope — please report issues in those directly to the responsible vendor.

Testing rules

To keep users and data safe, please:

  • use only your own accounts and test data;
  • stop as soon as you have confirmed a vulnerability, and report it;
  • keep the volume of automated requests reasonable so you do not degrade the service for others;
  • give us a reasonable opportunity to fix the issue before disclosing it publicly.

Please do not

  • access, download, modify, or delete data that is not yours;
  • dump environment variables, secrets, or configuration;
  • establish persistence, install software, or run cryptocurrency miners;
  • perform denial-of-service or resource-exhaustion testing;
  • use social engineering, phishing, or physical attacks against our team or users;
  • publicly disclose the issue before we have remediated it.

Safe harbour

If you make a good-faith effort to comply with this policy during your research, we will consider your activity authorised, we will not pursue or support legal action against you for it, and we will work with you to understand and resolve the issue quickly. This is a summary and not a legal contract; the safe-harbour language will be finalised with legal counsel before Pina Mapina’s full commercial launch. If in doubt about whether a specific action is authorised, contact us first at contact@pinamapina.com.

What to expect from us

  • We aim to acknowledge your report within 5 business days.
  • We will keep you informed as we investigate and remediate.
  • We will credit you if you would like acknowledgement once the issue is fixed (optional).

Rewards

Pina Mapina does not currently operate a paid bug-bounty program, and reports are not eligible for monetary rewards at this time. We genuinely appreciate responsible disclosure and are happy to publicly credit researchers who help us keep the service safe.

Contact

Security reports: contact@pinamapina.com.