← Back to getsige.com

Security policy

Coordinated Vulnerability Disclosure (CVD) for Sige Software Solutions OPC · Last updated 2026-05-03 · Version 1.0

We take the security of getsige.com, the Sige Hub PWA, and our Azure-hosted APIs seriously. If you have discovered a security vulnerability, this page tells you how to report it responsibly.

1. Scope

This policy covers:

Out of scope:

2. How to report

Contact us at security@getsige.com or, as a backup, dev@van-wouw.com.

We accept reports in English, Tagalog, Cebuano, or Dutch.

Please include:

3. What you may do

4. What we promise

5. No bug bounty (yet)

Sige is a self-funded Filipino startup. We do not currently offer monetary rewards. We do offer public credit, swag where feasible, and our genuine thanks.

6. PII and DPA-compliance

Sige processes Filipino personal data under the Data Privacy Act (RA 10173). If your finding involves a personal data breach as defined by NPC Circular 16-03, we will coordinate with you on responsible disclosure and notify the National Privacy Commission within 72 hours per legal requirement.

See our privacy policy for our data-handling practices.

7. Hall of fame

With the researcher's consent, we list valid contributors below. No findings yet — be the first.

8. References

Sige Software Solutions OPC · SEC registered, Digos City, Davao del Sur, Philippines · About · Privacy · security@getsige.com