Security
Vulnerability reporting and responsible disclosure.
If you believe you’ve found a security issue, please report it responsibly. We take security seriously and will respond as quickly as practical.
What to include
- ✓ What you found and where (URL/path, screenshots if helpful)
- ✓ Steps to reproduce (clear and minimal)
- ✓ What you expected vs what happened
- ✓ Any proof-of-concept data that avoids real customer data
- ✓ Your preferred contact details for follow-up
What not to do
- • Do not access data that is not yours
- • Do not disrupt service (no denial-of-service testing)
- • Do not use automated scanning against production without permission
- • Do not publicly disclose before we have a chance to investigate and fix
- • Do not include sensitive personal data in your report
Safe harbour (good-faith)
If you follow the guidelines above, act in good faith, avoid accessing data that is not yours, and give us a reasonable time to investigate and remediate, we will treat your report as a responsible disclosure.
For enterprise customers and security researchers who need coordinated testing, contact us first and we’ll agree scope and environment.