Security Policy — BestExchangeRates.com

At BestExchangeRates.com, we take the security and privacy of our users very seriously. We are committed to protecting our platform, users, and data through strong technical safeguards and responsible disclosure practices.

🛡️ Security Policy Overview — BestExchangeRates.com

This page outlines how we handle vulnerabilities, how to report them, and what you can expect from us.

Reporting Security Issues

If you believe you’ve discovered a vulnerability, bug, or other security concern affecting BestExchangeRates.com or its related services:

Please contact us immediately at:

📧 security@bestexchangerates.com

We encourage responsible disclosure and will make every effort to acknowledge and respond to your report promptly.

Responsible Disclosure Guidelines

To ensure a constructive process, we kindly ask that you:

  • Avoid exploiting the issue, accessing user data, or disrupting services
  • Give us a reasonable time to investigate and fix the issue before public disclosure
  • Avoid violating applicable laws or breaching user privacy

We pledge to:

  • Respond to your submission within 5 business days
  • Provide regular updates on progress and resolution
  • Credit your discovery (with your permission) on our Hall of Fame

In-Scope Areas

We welcome reports on issues affecting:

  • Our public website (https://bestexchangerates.com)
  • APIs or backend endpoints served from our domain
  • Authentication, session handling, and access controls
  • Third-party integrations used in core features

Out-of-Scope Issues

The following are generally not eligible for acknowledgment:

  • Reports from automated scanners without proof of exploitability
  • Missing SPF/DKIM/DMARC records
  • Rate limiting or CAPTCHA bypass without impact
  • Denial of Service (DoS) via large input or brute force
  • Clickjacking on pages without sensitive actions
  • Use of outdated libraries without evidence of a security issue

Legal Safe Harbor

We will not pursue legal action against researchers who:

  • Follow this policy in good faith
  • Avoid data exfiltration, disruption, or harm
  • Promptly report vulnerabilities to our security contact

If in doubt, contact us first.

Thank You

We sincerely appreciate the contributions of ethical hackers and researchers who help us keep BestExchangeRates.com secure. Your effort makes the internet safer for everyone.