Responsible disclosure
HOW TO REPORT A SECURITY VULNERABILITY TO US
If you believe you have found a security vulnerability in our website, we encourage you to let us know right away. We welcome reports from everyone, including developers, researchers and customers.
To report a security vulnerability, please contact us using the form below and include the following information:
- The URL where you found the issue.
- When did you find the issue
- A description of the issue, including what you saw and/or what you expected to see.
- The sequence of steps to recreate the issue, or a video showing the process if that’s easier for you, or if it’s complicated.
HOW WE HANDLE VULNERABILITY DISCLOSURE
We will send you an automatic reply to let you know that we received your report, and may contact you if we need more information.
Please note that we do not offer a bug bounty program. This means we do not pay rewards for disclosed security vulnerabilities.
To protect our customers, we investigate all reported issues but we do not confirm them publicly unless required to do so by law.
If you wish to document the incident research/publication reasons, please let us know so we can discuss that further.
What we ask of you
- You make a good faith attempt to prevent any legal or privacy breaches. As well, you avoid any interruptions to others, such as information disclosure or destruction, and interruption or deterioration of our services (but not limited to).
- You do not exploit a security flaw you find. This might involve exhibiting further danger, such as attempting to breach important corporate data or digging for other problems.
- You do not violate any other applicable laws or regulations.