Introduction
ArbiBase, LLC ("ArbiBase," "we," "us," or "our") is committed to maintaining the security and integrity of our platform at https://arbibase.com and related services (collectively, the "Services"). This policy outlines our security practices and how security researchers may report vulnerabilities responsibly. We value coordinated disclosure.
Our security commitment
We implement commercially reasonable administrative, technical, and physical safeguards to protect account information, verification records, personal data, platform infrastructure, payment workflows, and confidential business data.
- Encryption at rest
- AES-256 for all stored data.
- Encryption in transit
- TLS 1.2+ enforced across all endpoints.
- Access controls
- Role-based access; least-privilege enforced.
- Authentication
- MFA available for all accounts.
- Monitoring
- Logging and automated anomaly alerting.
- Patch management
- Regular updates applied to all infrastructure.
No system is 100% secure, but we continuously improve our security posture.
Reporting vulnerabilities
If you believe you have discovered a vulnerability affecting the Services, please report it immediately and privately to:
security@arbibase.com
admin@arbibase.com
Include in your report
- A detailed description of the vulnerability
- Steps to reproduce the issue
- The affected URL or system component
- Screenshots or proof-of-concept (if applicable)
- Your contact information
Responsible disclosure guidelines
When conducting security research, you agree to: act in good faith; avoid privacy violations, service disruption, and data destruction; not access or modify data beyond what is necessary to demonstrate the issue; not exploit vulnerabilities for personal gain; not conduct DoS testing; and not attempt social engineering against ArbiBase staff.
Testing must not
- Access accounts that are not your own
- Extract large volumes of data
- Circumvent authentication safeguards
- Introduce malicious code
Safe harbor
ArbiBase will not pursue legal action against individuals who discover vulnerabilities, report them responsibly, follow this policy, act in good faith, and do not exploit vulnerabilities beyond proof-of-concept. This safe harbor applies only when all guidelines are followed. Activities that violate law or cause harm are not protected.
Out of scope
The following are generally out of scope and will not be investigated:
- Issues in third-party services outside our control
- Spam reports
- Brute-force login attempts
- Denial-of-service attacks
- Physical attacks on infrastructure
- Social engineering attempts against staff
- Previously disclosed issues
Response process
Upon receiving a vulnerability report, we will: acknowledge receipt; investigate the issue; assess severity and risk level; determine remediation steps; and communicate status updates where appropriate. Response timelines vary by complexity and severity. We aim to acknowledge all reports within 5 business days.
No bug bounty program
ArbiBase does not currently operate a public bug bounty program. Responsible disclosure does not guarantee compensation. However, we appreciate valid reports and may acknowledge researchers at our discretion.
Data breach response
In the event of a confirmed data breach affecting user information, ArbiBase will: investigate promptly; contain the incident; mitigate risks; notify affected users where legally required (FIPA, CA Civil Code § 1798.82, NY SHIELD Act); and comply with all applicable notification laws. Notification does not constitute an admission of liability.
User security responsibilities
Users are responsible for maintaining strong, unique passwords; keeping login credentials confidential; securing their own devices; avoiding credential sharing; using updated browsers; and not exporting confidential data insecurely. ArbiBase is not responsible for breaches caused by user negligence.
Policy updates
We may update this Security & Responsible Disclosure Policy periodically. The "Last revised" date at the top reflects the most recent version. Continued use of the Services constitutes acceptance of updates.
Contact
ArbiBase, LLC
1111b South Governors Ave STE 48151
Dover, DE 19904 US
security@arbibase.com
support@arbibase.com
admin@arbibase.com
+1 (844) 939-3594