Security Policy

Reporting Vulnerabilities

If you believe you have found a security vulnerability in our application or systems, please let us know by contacting our security team. We take all disclosures seriously and will respond promptly to your report.

How to Report

• Email: [email protected]
• PGP Key: Download PGP Key for secure communication
• Response Time: We aim to acknowledge your report within 48 hours and resolve the issue as quickly as possible.

Scope

The following systems and applications are in scope for our security policy:

• Our primary website and subdomains
• Mobile applications for iOS and Android
• Public APIs

Note: Out-of-scope issues include vulnerabilities on third-party services or expired software no longer supported by our team.

Safe Harbor

We support ethical security research and will not take legal action should your findings align with the following guidelines:

• Do not compromise the privacy or data of users
• Limit tests to in-scope systems
• Avoid disruption to production systems

Acknowledgements

Researchers who responsibly disclose vulnerabilities and assist in improving our systems may be publicly credited with their permission. Additionally, our hall of fame feature may showcase your contribution.