Responsible Disclosure Policy

Last revised: 30/03/2025

At EX.CO, we take security seriously and are committed to protecting the data and privacy of our users and partners. We recognize the valuable role that security researchers play in improving online safety and welcome responsible disclosures of security vulnerabilities.

If you believe you’ve found a vulnerability affecting any part of our platform, we ask that you report it to us through our official bug bounty program.

Disclosure Guidelines

We ask that researchers:

  • Report vulnerabilities only via our OpenBugBounty profile

  • Do not exploit or abuse the vulnerability

  • Avoid accessing or modifying user data

  • Refrain from any activity that could disrupt services (e.g., DDoS, brute force)

  • Only test systems under the https://ex.co domain or related subdomains

  • Allow us reasonable time to investigate and remediate the issue


Report a Vulnerability

Please report vulnerabilities through our official OpenBugBounty page:

👉  https://www.openbugbounty.org/bugbounty/EXCOTECHNOLOGIESLTD

This ensures your report is handled quickly and securely by our security team.


What You Can Expect

  • A timely response via the OpenBugBounty platform

  • Recognition for valid, impactful submissions

  • Possible non-monetary rewards or public acknowledgment

  • A safer experience for our users—thanks to you!

We greatly appreciate your help in keeping EX.CO secure.