Responsible Disclosure Program

Security VulnerabilityReporting Program

We take security seriously and appreciate the security research community's efforts to help keep our systems and services secure. If you've discovered a security vulnerability, we want to hear from you.

Report a Vulnerability View Guidelines

What to Report

We're interested in security vulnerabilities that could impact the confidentiality, integrity, or availability of our systems, services, or customer data.

Authentication & Authorization

Issues related to authentication bypass, privilege escalation, or session management

Authentication bypass vulnerabilities
Session fixation or hijacking
Insecure direct object references (IDOR)
Missing or broken access controls

Data Exposure

Sensitive data leaks, information disclosure, or privacy violations

Sensitive data exposure
Insecure data storage
Information disclosure in error messages
Insufficient data protection

Code Execution

Remote code execution, command injection, or server-side vulnerabilities

Remote code execution (RCE)
SQL injection
Command injection
Server-side request forgery (SSRF)

Cross-Site Vulnerabilities

XSS, CSRF, and other client-side security issues

Cross-site scripting (XSS)
Cross-site request forgery (CSRF)
Clickjacking
Insecure deserialization

How to Report

Follow these guidelines to ensure your report is processed quickly and effectively

Submit via Contact Form

Use our secure contact form to submit your vulnerability report. Please include the following information:

Detailed description of the vulnerability
Steps to reproduce the issue
Potential impact and severity assessment
Proof of concept (if applicable)
Your contact information for follow-up

Go to Contact Form

What NOT to Do

To ensure a safe and responsible disclosure process, please avoid:

Accessing or modifying data that doesn't belong to you
Performing any actions that could harm our systems or users
Disclosing the vulnerability publicly before we've addressed it
Using automated scanning tools that may impact system performance
Social engineering or phishing attacks against our employees

What to Expect

Our security team follows a structured process to handle all vulnerability reports

Submit Report

Use our contact form to report the vulnerability with detailed information

Initial Response

We'll acknowledge receipt within 24-48 hours and begin our assessment

Verification

Our security team will verify and validate the reported vulnerability

Remediation

We'll work to fix the issue and keep you updated on our progress

Resolution

Once fixed, we'll confirm the resolution and recognize your contribution

Safe Harbor Policy

We recognize the important role that security researchers play in keeping the internet safe. As such, we provide safe harbor for security researchers who act in good faith.

Legal Protection

We will not pursue legal action against security researchers who discover and report vulnerabilities in accordance with our responsible disclosure guidelines.

Recognition

With your permission, we may publicly acknowledge your responsible disclosure and contribution to our security program.

Timeline

We aim to acknowledge reports within 24-48 hours and provide regular updates on our remediation progress.

Ready to Report a Vulnerability?

Help us keep our systems secure by reporting any security vulnerabilities you discover. We appreciate your responsible disclosure and commitment to cybersecurity.

Report via Contact Form Contact Security Team

When submitting your report, please select "Reporting a Vulnerability" as your inquiry type in the contact form for faster processing.