Updated 19 May 2026
Security and Responsible Disclosure
How to report security issues, what testing is permitted, and what conduct is prohibited.
Report Security Issues
If you discover a vulnerability or security issue affecting JurisPK, email support@jurispk.com with a clear description, affected URL or endpoint, steps to reproduce, potential impact, screenshots where helpful, and your contact details.
Please report privately and give us a reasonable opportunity to investigate and fix the issue before public disclosure.
Permitted Good-Faith Research
Good-faith, low-volume testing against your own account is acceptable if it does not harm JurisPK, other users, source materials, payment systems, or non-public data.
Permitted research must:
- Use your own account and your own test data.
- Avoid service disruption, excessive traffic, persistence, destructive actions, and data extraction.
- Stop immediately if you encounter non-public data, admin access, secrets, server files, logs, credentials, database internals, payment records, or another user's data.
- Report the issue promptly with enough detail for us to reproduce and assess it.
- Keep the issue confidential until we have had a reasonable chance to respond.
Prohibited Testing
You must not perform:
- Denial-of-service testing, load testing, stress testing, or traffic floods.
- Social engineering, phishing, impersonation, credential attacks, password spraying, credential stuffing, or session theft.
- Malware, ransomware, persistence, backdoors, destructive actions, data deletion, data modification, spam, or unauthorized automation.
- Attempts to access the database, server filesystem, admin tools, logs, secrets, source credentials, cloud resources, payment records, or non-public records.
- Bulk extraction, scraping, mirroring, or harvesting of documents, account data, payment data, source materials, or metadata.
- Testing against third-party systems connected with payment, wallet, telecom, banking, hosting, email, or infrastructure providers.
- Public disclosure before responsible reporting and reasonable remediation opportunity.
No Safe Harbor for Abuse
This policy does not authorize unlawful access, data exfiltration, extortion, public dumping, service disruption, privacy violations, payment fraud, account compromise, source extraction, or violation of Pakistani law or other applicable law.
JurisPK may investigate, block, suspend, terminate, preserve evidence, or report activity that appears abusive, fraudulent, unlawful, or harmful.
What to Include in a Report
Helpful reports include:
- Affected URL, endpoint, page, feature, or workflow.
- Account type used during testing.
- Clear reproduction steps.
- Expected and actual behavior.
- Potential impact.
- Any request IDs, timestamps, screenshots, or logs available to you.
- Confirmation that you did not access, copy, alter, or disclose non-public data.
Do not include passwords, private keys, unrelated personal data, full payment credentials, or large data dumps.
Our Response
We aim to acknowledge credible reports within a reasonable timeframe, investigate based on severity, prioritize fixes according to risk, and communicate where practical.
We do not currently operate a paid bug bounty program. Any recognition, thanks, or discretionary reward is entirely at our discretion and must not be demanded or treated as permission to test beyond this policy.
User Security Responsibilities
You are responsible for protecting your account email, password, devices, browser sessions, payment references, and screenshots. Do not share paid credentials or leave active sessions on shared devices.
If you believe your account has been compromised, contact support@jurispk.com promptly.