Report a Security Issue
We take platform security and user data seriously. If you have discovered a vulnerability, please report it responsibly using this channel.
Our Security Commitments
Rapid Response
We acknowledge every valid report within 48 hours and aim to ship a fix within 14 days for critical issues.
Researcher Safety
Acting in good faith per our policy means you will not face legal action for responsible disclosure.
Confidentiality
All submitted vulnerability details are kept strictly confidential between you and our security team.
Credit & Recognition
Verified reporters are credited in our Security Hall of Fame and may qualify for our bug bounty reward.
Disclosure Policy
We appreciate the work of the security research community in keeping our platform safe. When testing and reporting, please adhere to the following guidelines:
Do not impact or access other users' accounts or data.
Prove the vulnerability with minimal, non-destructive actions.
Do not run automated scanners that generate high traffic loads.
Keep all findings confidential until we have issued a fix.
Social engineering, phishing, or physical attacks are out of scope.
Denial-of-service (DoS/DDoS) attacks are strictly out of scope.
PGP Encryption
For sensitive exploit data, please encrypt your report using our public PGP key. Download it from our keyserver or copy the fingerprint: A1B2 C3D4 E5F6 7890 1234