Security
Worldwise uses measures designed to protect accounts and service data, including encrypted transport, password hashing, signed and scoped tokens, restricted production credentials, provider access controls, server-side purchase verification, replay and rate controls, authenticated export, and account-deletion workflows. No system is perfectly secure.
Protect your account
Use a unique password, keep your device and iOS updated, do not share authentication codes, and contact us if you suspect unauthorized activity. Worldwise support will not ask for your Apple Account password, full card number, or Worldwise password.
Report a vulnerability
Email support@worldwise.app with the subject “Security report”. Include a clear description, affected URL or feature, reproducible steps, impact, and non-sensitive evidence. Do not access another person’s data, disrupt the Service, use social engineering, publicly disclose an unremediated issue, or retain data obtained during testing.
We do not currently operate a paid bug-bounty programme or promise a reward, response time, safe-harbour determination, or remediation schedule. We will assess good-faith reports and coordinate where practical.