Security
We take the security of the WebNativeApp platform and the apps it produces seriously. This page summarizes our practices and how to reach us.
1. Reporting a vulnerability
If you discover a security vulnerability in the WebNativeApp website, dashboard, or build pipeline, email security@webnativeapp.com with enough detail to reproduce the issue. Please do not publicly disclose the issue until we have had a reasonable opportunity to address it.
2. Our commitments
We aim to acknowledge new reports within two business days, keep you informed as we investigate, and credit reporters who follow responsible disclosure, unless anonymity is requested.
3. Scope
In scope: webnativeapp.com, the onboarding dashboard, and the build pipeline infrastructure we operate. Out of scope: your own website content, third-party app store infrastructure, and social engineering against our staff or customers. See our Bug Bounty page for reward details.
4. Infrastructure practices
Traffic to the dashboard and API is encrypted in transit. Access to production data is limited to staff who need it to operate the service, and changes to critical infrastructure go through review before deployment.
5. security.txt
This page is also published at /.well-known/security.txt in the machine-readable format defined by RFC 9116.
Last updated: July 2, 2026.