Security

Ficha is built so that control never leaves you. If you believe you have found a security vulnerability, we want to hear from you.

Responsible disclosure

We follow responsible disclosure practices and ask that you:

  • Report the issue to us before disclosing it publicly.
  • Give us enough detail to reproduce and verify it.
  • Allow reasonable time for us to address it before any disclosure.
  • Avoid accessing, changing, or deleting data that is not yours.

How to reach us

Email us at security@ficha.com.

For sensitive reports, encrypt your message with our PGP public key.

Our security contact is also published as a security.txt (RFC 9116).

What Ficha will never do

To keep you safe:

  • We will never ask for your keys, recovery details, or passwords.
  • We will never contact you out of the blue about moving your funds.
  • We will never pressure you into a rushed transaction.
  • We do not give investment advice or tell you when to buy or sell.

If you receive a message claiming to be from Ficha that breaks these rules, do not respond, and report it to security@ficha.com.

PrivacyTermsSecurity
EN·ES·PT