Security & Responsible Disclosure

At Swipe & Tap, security is a core part of how we design and build software - not an afterthought.

We develop mobile apps and web platforms using a secure-by-design approach, aligned with recognised standards such as ISO 27001 and the OWASP Top 10.

We welcome responsible disclosure of security vulnerabilities.

How to Report a Vulnerability

If you believe you've identified a security issue in a system or application developed by Swipe & Tap, please contact us:

Email: security@swipeandtap.co.uk

To help us investigate efficiently, please include:

• A clear description of the vulnerability
• Steps to reproduce the issue
• Any supporting evidence (screenshots, requests, code snippets)
• The potential impact, if known

Our Response Commitment

We aim to:

• Acknowledge reports within 2 working days
• Investigate and validate findings promptly
• Provide updates where appropriate
• Resolve confirmed issues in a timely manner

We appreciate clear, responsible reporting and will acknowledge valid disclosures where appropriate.

Scope

This policy applies to:

• Web applications, APIs, and mobile apps developed and maintained by Swipe & Tap
• Systems hosted and managed by our team

If you're unsure whether something is in scope, please contact us before testing.

Out of Scope

The following activities are not permitted:

• Denial of Service (DoS) or traffic flooding
• Social engineering (e.g. phishing, impersonation)
• Physical attacks against infrastructure or personnel
• Accessing or modifying data that does not belong to you
• Automated scanning that negatively impacts system performance

Responsible Testing Guidelines

We ask that you:

• Act in good faith and respect user privacy
• Avoid disrupting services or impacting other users
• Only test systems you have permission to interact with
• Stop testing and report immediately if sensitive data is exposed

Safe Harbour

We will not take legal action against individuals who:

• Act in good faith
• Follow this policy
• Do not exploit vulnerabilities beyond what is necessary to demonstrate them

Our Approach to Secure Development

Security is embedded into our delivery process, including:

• Task-level security considerations during development
• Peer-reviewed code changes before release
• Alignment with common vulnerability frameworks such as OWASP
• Continuous improvement of processes, tooling, and developer awareness

security.txt

Our security contact details are also published via the industry-standard security.txt file:

https://swipeandtap.co.uk/.well-known/security.txt

Contact

For any security-related queries, please email:

security@swipeandtap.co.uk

This Cookie Policy was last updated on 3rd May 2026.