Security

Responsible Disclosure Policy

Nidamiye welcomes the contributions of security researchers. This policy outlines safe guidelines to discover and report security vulnerabilities responsibly.

6 min readUpdated: July 2026

1. Introduction & Purpose

Welcome to Nidamiye (referred to as "Nidamiye", "we", "us", or "our"), a property management and rent-tracking software utility owned and operated by Groundwork Technologies.

We take the safety and privacy of landlord and tenant databases seriously. We believe that vulnerability disclosure from responsible security researchers is vital to securing the internet. This policy outlines how researchers should test our platform, report bugs, and what behavior is prohibited.

2. Scope of Testing

This policy applies to the following digital assets and targets:

  • In Scope: Our core web domains, including nidamiye.com, *.nidamiye.com, and the landlord dashboard application hosting.
  • Out of Scope: Any third-party integration domains (such as Safaricom M-Pesa sandbox services, Microsoft Clarity endpoints, or WhatsApp API vendor gateways). Attacks targeting third-party services are strictly prohibited under this policy.

3. Safe Harbor Principles

If you conduct security research and report vulnerabilities in compliance with this policy:

  • No Legal Action: We will not initiate or support legal actions against you for hacking, intrusion, or computer crimes.
  • Authorized Access: We will consider your research activities authorized, provided you conduct tests ethically without disrupting system availability.
  • Coordinated Fixes: We will work with you to understand the vulnerability and implement a coordinated disclosure schedule.

4. Prohibited Activities

To protect our users and database assets, the following research and testing activities are strictly prohibited:

  • Denial of Service (DoS/DDoS): Flooding server nodes or API endpoints with high volumes of traffic to degrade platform performance.
  • Social Engineering & Phishing: Attempting to trick Nidamiye employees, landlords, or tenants into sharing passwords or API tokens.
  • Data Exfiltration: Accessing or downloading data beyond the minimum necessary to demonstrate a proof-of-concept (PoC). Reading other landlords' private tenant lists or M-Pesa matching records is prohibited.
  • Physical Security: Any physical access attempts or social engineering directed at our office locations, data centers, or employees.

5. How to Submit a Security Report

If you discover a vulnerability, please email a detailed report directly to security@nidamiye.com.

For a high-quality report, please include:

  • A clear description of the vulnerability and its potential impact.
  • Detailed step-by-step instructions to reproduce the issue, including HTTP request payloads, parameter changes, or screenshot proof.
  • Any suggested remediation steps or code-level suggestions.

6. Expected Response Timelines

We are committed to resolving security bugs quickly. We strive to adhere to the following timelines for reported issues:

  • Acknowledge Receipt: We will respond to verify receipt of your report within 48 hours of submission.
  • Initial Assessment: We will evaluate the vulnerability severity and confirm status within 5 business days.
  • Resolution & Hotfixes: Confirmed high-severity bugs will be patched within 14 days, while low-severity bugs will be queued for standard deployment updates.

7. Coordinated Disclosure Guidelines

We ask that you do not share or publish details about a vulnerability you have discovered with third parties or the public until we have had a reasonable opportunity to investigate, patch, and deploy the resolution.

Once a fix is active, we are happy to coordinate on public announcements or researcher credits.

8. Security Contact Details

If you have questions, feedback, or need clarification regarding this policy, please reach out to our security team:

  • Security Email: security@nidamiye.com
  • General Operations: hello@nidamiye.com
  • Parent Company: Groundwork Technologies

Simplify your property management today

Experience the power of automatic rent tracking, instant M-Pesa matching, and automatic WhatsApp receipts.