Security Policy

Introduction

Wyapy is committed to protecting the confidentiality, integrity, and availability of our systems and customer data. This Security Policy describes how we manage security, how to report vulnerabilities, and what you can expect from us.


Reporting Security Issues

If you believe you have found a security vulnerability in Wyapy, please report it to:

Please include:

  • A clear description of the issue
  • Steps to reproduce (proof of concept if available)
  • Impact assessment (what an attacker could do)
  • Relevant logs, screenshots, or timestamps (avoid sending sensitive personal data)

We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate it.


Response and Remediation Process

We aim to:

  • Acknowledge reports within 3 business days
  • Provide a status update within 10 business days
  • Remediate confirmed issues in a timeframe appropriate to severity and exploitability

Timelines may vary depending on complexity, third-party dependencies, and deployment constraints.


Security Measures

We use a combination of technical and organizational measures designed to reduce risk, including:

Access Control

  • Least-privilege access to production systems
  • Multi-factor authentication where supported
  • Controlled access to administrative interfaces

Encryption

  • Encryption in transit using HTTPS/TLS for Wyapy services
  • All stored data is encrypted at rest
  • Sensitive secrets are stored using secret management tools designed for security

Monitoring and Logging

  • System and application logging for operational and security investigation purposes
  • Monitoring for availability and anomalous activity

Secure Development Practices

  • Dependency updates and vulnerability monitoring where feasible
  • Code changes are reviewed before deployment where feasible
  • Full separation of environments

Data Handling

Wyapy processes survey data (ratings and optional comments) and service metadata in order to operate and improve the service. Please refer to our Privacy Policy for details on what we collect, how we use it, and retention/deletion practices.


Third-Party Services and Dependencies

Wyapy may rely on third-party services for hosting, monitoring, analytics, payments, and content delivery. We take steps to select reputable providers and limit data shared to what is necessary to operate the service.


Supported Versions

Security updates and fixes are applied to the production Wyapy service. If you self-host any components or use pinned client versions, you are responsible for deploying updates in a timely manner.


Security Testing

We may perform security testing and hardening activities such as dependency vulnerability scanning and configuration reviews. Wyapy does not currently provide a formal bug bounty program unless explicitly stated otherwise.


Safe Harbor (Good-Faith Research)

We will not pursue legal action for security research conducted in good faith that:

  • Avoids privacy violations, data destruction, and service disruption
  • Uses the minimum access necessary to demonstrate the issue
  • Does not exfiltrate more data than necessary to prove impact
  • Is reported promptly to info@wyapy.com

Changes to This Policy

We may update this Security Policy from time to time. Updates will be posted on this page with a revised “Last Updated” date.


Contact

For security issues, please contact:

Last Updated: January 2026