Last updated: July 1, 2026
At Siraj, the security and privacy of our users' data is a top priority. We are committed to protecting the confidentiality, integrity, and availability of the information entrusted to us. We continuously invest in security infrastructure, conduct regular assessments, and foster a culture of security awareness across our team. We welcome the help of security researchers in making our platform safer for everyone.
We implement a comprehensive set of security measures to protect our platform and user data:
We encourage security researchers and the public to report potential vulnerabilities in Siraj's platform responsibly. If you discover a security issue, we ask that you disclose it to us privately and allow us a reasonable period to investigate and remediate before any public disclosure. We commit to acknowledging receipt of vulnerability reports within 48 hours.
To report a security vulnerability, please send a detailed report to our security team at security@siraj.sa. Your report should include:
Please do not submit vulnerabilities through public channels or GitHub issues. We use PGP for encrypted communications — our security team's public key is available upon request.
When you report a vulnerability in accordance with our Responsible Disclosure Policy, we commit to:
The following are considered in scope for our vulnerability disclosure program:
The following are out of scope and will not qualify for recognition:
We maintain a Security Hall of Fame to acknowledge researchers who help us improve our security posture. With your permission, we will list your name or pseudonym in recognition of your contribution. We do not currently offer monetary bounties, but we deeply appreciate responsible disclosures and may provide Siraj swag as a token of gratitude.
For security-related inquiries or to submit a vulnerability report:
Siraj Platform
Security Team
King Abdullah Financial District
Riyadh, Saudi Arabia
security@siraj.sa