Legal
Security
Last updated: June 30, 2026
This page covers the public Matjarina website, installer delivery, and support contact channels. Security reports are welcome and should be sent to security@matjarina.app.
Found a vulnerability? Send clear reproduction steps, affected URL or file, expected impact, and any safe proof of concept. We acknowledge good-faith reports as quickly as possible.
1. Website transport security
- The website is served over HTTPS.
- HTTP Strict Transport Security is enabled.
- Security headers restrict framing, content sniffing, permissions, and referrer leakage.
- The public page is designed to avoid third-party login or checkout scripts.
2. Installer delivery
- The main download is served from the Matjarina domain.
- The download endpoint supports ranged requests for stable browser downloads.
- Installer files are hosted as static assets behind Cloudflare edge protection.
3. Data exposure
The public website is intentionally small: it does not expose customer dashboards, online POS data, or public account management screens. Store data is handled by the installed Matjarina application and the customer environment.
4. Vulnerability disclosure rules
To keep testing safe, please:
- Test only the public website and files you are allowed to access.
- Do not attempt denial-of-service, spam, or destructive testing.
- Do not access or disclose data belonging to other users.
- Give us a reasonable opportunity to fix confirmed issues before public disclosure.
5. What to include
- Reporter contact details.
- Affected URL, endpoint, or file name.
- Steps to reproduce.
- Impact and suggested severity.
- Screenshots or logs if they help explain the issue.
6. Out of scope
- Automated scanner output without a working proof of impact.
- Social engineering or physical attacks.
- Volumetric denial-of-service.
- Issues in third-party software unrelated to Matjarina configuration.
7. Contact
Security reports: security@matjarina.app