Security
Found a vulnerability? We take security reports seriously and respond within 24 hours.
Disclosure policy
We ask that researchers report vulnerabilities responsibly by contacting us before making any findings public. We will acknowledge your report within 24 hours and keep you informed as we investigate and remediate.
We will not pursue legal action against researchers who act in good faith. In exchange, we ask that you do not access, modify, or exfiltrate user data beyond what is necessary to demonstrate the vulnerability.
Researchers who report valid, previously unknown vulnerabilities will be credited in our acknowledgements at their discretion. We do not currently offer a paid bug bounty, but we are grateful for every report.
Report a vulnerability