We are committed to ensure the safety and privacy of our users data and believe in collaborating with security researchers to identify and resolve any vulnerabilities.
If you discover a vulnerability in any of our systems or products, we ask that you report it to us in a responsible and ethical manner.
In order for us to promptly address the vulnerability, please adhere to the guidelines provided below:
- Do not exploit the vulnerability beyond what is necessary to demonstrate the vulnerability to us, especially altering or destroing any data that does not belong to you.
- Do not share information about the vulnerability with anyone else until we have had a reasonable amount of time to address the issue.
- Provide us with a detailed report of the vulnerability, including steps to reproduce it, potential impact, and any relevant technical information.
Please note that the following types of vulnerabilities are out of scope for this Responsible Disclosure policy:
- Physical security vulnerabilities, such as those involving our office premises or data centers
- Denial of Service (DoS) vulnerabilities, such as those involving overwhelming our systems with traffic or requests
- Social engineering attacks, such as phishing or pretexting, aimed at our employees, partners, or customers
- Spam or unsolicited messages, whether sent through our systems or spoofed to appear as if they came from our systems
- Phishing attacks, such as those involving the impersonation of our company or our products or services
- Vulnerabilities in our customers systems, for example content management systems hosted on our servers
Domains in scope (including subdomains):
In return for your cooperation, we commit to:
- Acknowledging receipt of your report within 3 business days.
- Keeping you informed of our progress in addressing the vulnerability.
- Not taking legal action against you, provided that you have acted in good faith and followed the guidelines outlined above.
PGP Key Id: 28AF D70C 31A1 EE31 501C 3586 AB42 DA44 8C3B 4655
By reporting a vulnerability to us, you are helping to improve the security of our systems and products, and we appreciate your efforts.
While there is no financial reward offered for reporting vulnerabilities, we value your contribution in helping us maintain a secure environment.