Responsible Disclosure
Help us keep our platform secure by responsibly reporting security vulnerabilities
Our Security Policy
We take the security of our systems seriously, and value the security community. The responsible disclosure of security vulnerabilities helps us ensure the security of our users.
Guidelines
- Provide detailed reports with reproducible steps
- Submit your reports in a timely manner
- Keep information about any vulnerabilities confidential until they are fixed
- Do not access, modify, or delete data that isn't yours
- Do not conduct denial of service attacks
- Do not attempt social engineering or phishing attacks
- Do not use automated vulnerability scanners without permission
Scope
This policy applies to all our production systems and user data. The following are out of scope:
- Third-party services and applications
- Issues related to outdated browsers or plugins
- Social engineering or phishing of our employees
- Physical or social engineering attacks against our facilities or employees
- Denial of service attacks
Recognition
We believe in acknowledging security researchers who help us improve our security. Researchers who submit valid vulnerabilities will be recognized (with permission) on our security acknowledgments page.
Contact Information
For security vulnerabilities, please contact us through one of the following methods:
For general product questions or customer support, please visit our Support Center.