Security

Last updated: 12 March 2026

We take the security of Pesana and your financial data seriously. If you find a vulnerability, we want to hear about it.

How to report

Email security@qazana.net with:

• A description of the vulnerability and where it occurs
• Steps to reproduce it
• The potential impact, as you understand it
• Your name or handle if you'd like to be credited

Use a descriptive subject line. Plain text is fine. If you need to share sensitive details, ask us for an encrypted channel and we will set one up.

What happens next

We will acknowledge your report within 3 business days and aim to provide an initial assessment within 10 business days. We will keep you updated on our progress and let you know when the issue is resolved.

We ask that you give us a reasonable amount of time to fix the issue before disclosing it publicly. 90 days is the standard we follow.

What is in scope

This policy covers all Qazana Systems LTD properties, including but not limited to:

• pesana.net and all subdomains
• qazana.net and all subdomains
• Web applications and APIs operated by Qazana
• Authentication and session management
• Data exposure or leakage
• Payment processing flaws

What is out of scope

• Social engineering or phishing attacks against employees or users
• Denial of service attacks
• Automated scanning without prior coordination
• Reports from automated tools without verified proof of impact
• Issues in third-party services we use but do not control
• Missing HTTP headers that do not lead to a concrete exploit

Safe harbor

If you report a vulnerability in good faith and follow the guidelines on this page, Qazana Systems LTD will not pursue legal action against you. We consider security research conducted under this policy to be authorized.

This protection applies as long as you:

• Do not access, modify, or delete other users' data
• Stop testing once you have enough information to demonstrate the issue
• Do not degrade the availability of the service
• Report the vulnerability to us before sharing it with anyone else

Recognition

We do not currently offer a paid bug bounty. If you report a valid vulnerability, we will credit you on this page (with your permission) once the issue is resolved.

Contact

Qazana Systems LTD
Email: security@qazana.net