RESPONSIBLE DISCLOSURE POLICY

Responsible disclosure policy: The goal of this policy is to be compliant with generally accepted best practises for vulnerability disclosure. It does not authorise you to do something that violates the law or makes others break their legal duties.

We welcome anyone who has found possible vulnerabilities to responsibly disclose them to us. Only accounts that you own or are authorised to use may be seen or accessed.

The following types of research are prohibited:

Send a note through our contact page to the Security Team with the specifics of any potential vulnerabilities. Without our express written consent, do not make these facts public. We don’t pay people or organisations for discovering actual or prospective vulnerabilities.

In your report please include details of:

Skip to content