SECURITY

Hoply (hoply.my) is operated by OurtechLabs (ourtech.my). This page describes our security posture and how to report issues.

REPORTING

If you believe you found a vulnerability, please report it privately via the Contact page. Please include reproduction steps and the impacted URL(s).

LAST UPDATED: 2026-01-10

DATA PROTECTION

  • We use transport encryption (HTTPS/TLS) for traffic in transit.
  • We log minimal event data required to provide analytics and prevent abuse.
  • We hash IP addresses before storing them for privacy-preserving abuse detection.

ABUSE PREVENTION

Hoply uses rate limiting and basic bot/suspicious-user-agent detection to reduce automated abuse.

WEBHOOK SECURITY

If you enable webhooks, keep your endpoint private, validate incoming requests, and avoid logging secrets. Use separate environments (dev/staging/prod) where possible.