Maivas Docs Open the app

Responsible disclosure

Version 1.0. Last updated 4 July 2026.

We take the security of Maivas seriously, because Maivas holds the keys to our customers' marketing accounts. If you are a security researcher or a user and you find a vulnerability, we want to hear from you. Maivas is operated by Move Me Media Pty Ltd (ACN 699 626 385).

How to report

Email info@movememedia.com.au with:

  • a description of the issue and where you found it;
  • steps to reproduce it, or a proof of concept; and
  • the impact you think it could have.

Please give us a reasonable time to investigate and fix the issue before you disclose it publicly.

Our commitment

  • We will acknowledge your report within 5 business days.
  • We will keep you updated as we investigate and work on a fix.
  • We will not take legal action against you for a good-faith report that follows this policy.
  • With your permission, we are happy to credit you once the issue is resolved.

Scope

In scope: the Maivas application and its APIs.

Please do not:

  • access, modify or delete data that is not yours, beyond the minimum needed to demonstrate the issue;
  • run attacks that degrade the service for others (for example denial of service), or use social engineering, spam or physical attacks;
  • test the third-party platforms we integrate with (for example Meta, Google, Stripe); report issues in those to the platform directly.

Out of scope

Reports that are theoretical with no realistic impact, issues in third-party services we do not control, and findings from automated scanners without a demonstrated exploit.

Thank you for helping keep Maivas and our customers safe.