We take the security of our clients' data very seriously, and strongly encourage anyone who thinks they have discovered a potential security vulnerability in any of our services to disclose it to us responsibly.
We appreciate the assistance of security researchers and are happy to work with them to validate and respond to vulnerabilities that are reported to us in a responsible manner. However, we do not tolerate any of the following, which will be reported to the appropriate authorities and may incur legal action:
Please share the details of any suspected vulnerability with us by sending email to our security team at [email protected]. You should include as much information as possible in your report, including how we can reproduce the issue.
For all researchers following this Responsible Disclosure Policy, we commit to:
We do not offer compensation to individuals or organizations for identifying potential or confirmed security vulnerabilities, and requests for monetary compensation will be treated as a breach of this Responsible Disclosure Policy.
Donation to charity
Although we do not offer monetary compensation, if we feel that the vulnerability is significant we will show our appreciation by making a donation on your behalf to your choice of these charities: