Security

The security of PolitAlpha and our users' data is important to us. If you believe you have found a security vulnerability, we encourage you to report it responsibly.

Reporting a Vulnerability

Please email security concerns to support@politalpha.com. Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Your contact information (optional, for follow-up)

Our Commitment

• We will acknowledge receipt within 48 hours
• We will investigate and provide an initial assessment within 7 business days
• We will not take legal action against researchers who report in good faith
• We will credit researchers (with permission) when fixes are deployed

Scope

• politalpha.com and its subdomains
• PolitAlpha API endpoints
• Authentication and session management
• Payment flow security

Out of Scope

• Social engineering / phishing attacks
• Denial of service attacks
• Issues in third-party services (Supabase, Stripe, Resend) — report directly to them
• Issues requiring physical access to a user's device

No Bug Bounty

We do not currently operate a paid bug bounty program. We appreciate voluntary reports and will acknowledge contributors publicly (with permission).

Contact

Bertatech LLC Email: support@politalpha.com