Security policy at Buy Me a Coffee

At Buy Me a Coffee, protecting your personal and financial information is not just a policy—it’s a foundational part of our service. Our protective measures are designed to be as reliable as the service we aim to provide.

Our security measures

  • DDoS mitigation - We proactively shield our services from disruptive cyber threats to ensure your experience is uninterrupted.
  • Cloudflare CDN - Our use of Cloudflare's CDN improves website performance and security, providing a reliable and secure experience for users worldwide.
  • IP rate limiting - To prevent abuse, we have implemented an IP rate limiting script that moderates the frequency of access to our services.
  • Continuous monitoring - Our moderation team conducts daily assessments of traffic patterns, incoming transactions, newly created pages, caching effectiveness, instance health, and database performance to preemptively identify and address potential issues.
  • Content security policy (CSP) - We enforce a strict CSP to protect against common web vulnerabilities and ensure that only trusted content is served.
  • Browser security - Access from outdated browsers is restricted to maintain a secure and modern user experience.
  • Database security - Our databases are hosted within a private network, accessible only to authorized personnel, further securing your data.
  • Access control - Strict controls are in place to regulate access to our servers, ensuring only qualified staff can manage and maintain our infrastructure.

Your contribution to security

We welcome the sharp eyes of our community to help us keep a vigilant watch over our platform's security. If you're a security enthusiast or a professional researcher and you come across a security issue, your expertise will be really helpful to us. We appreciate your discretion and encourage you to share your findings so we can address them immediately. It's through efforts like yours that we can maintain a safe and secure environment for our creators.

Reporting Vulnerabilities - If you discover a security vulnerability, please report it to us at [email protected]. Include as much detail as possible to help us understand the issue. For sensitive issues, you can use our PGP key: https://cdn.buymeacoffee.com/keys/security_pgp_key.asc

Prohibited actions

Please avoid any actions that might compromise the security of our website and creators. Here are some key examples of what to avoid on Buy Me a Coffee:

  • Legal compliance - Uphold the law. Do not engage in illegal activities or encourage others to do so.
  • Exploiting platform features - Avoid manipulating or exploiting platform features in ways they were not intended to be used.
  • Respect personal information - Handle any personal information you encounter, especially as a creator, with utmost respect and confidentiality. Use it solely for purposes related to Buy Me a Coffee.
  • No spamming - Avoid sending unsolicited messages or advertisements. Let's keep our communications meaningful and relevant.
  • Malware is a no-go - Our platform is not a place for harmful software. Please refrain from using Buy Me a Coffee to host or distribute malware.
  • Maintaining service quality - Help us keep Buy Me a Coffee running smoothly. Avoid actions that could impair others' ability to use and enjoy the platform, such as brute force attacks or load testing.
  • Data use ethics - While we appreciate innovation, scraping or indexing our site's information without permission is off-limits. If you have an idea that involves using our data, please get in touch with us first.
  • Respect our code - Reverse-engineering or unauthorized access to our code is not allowed.

Get recognized for your contributions

If you spot a security issue and report it, you could be recognized for your sharp eye. If you prefer to remain anonymous, you can use a pseudonym. Here's how to qualify:

  • You're the initial reporter of a specific vulnerability.
  • The vulnerability is confirmed as a valid security concern.
  • You've adhered to our guidelines.