Security Vulnerability Disclosure Program

We value the contributions of the security research community in helping us maintain the security of our systems

We Welcome Your Security Findings

Thank you for your interest in helping us keep our systems secure. We value the contributions of the security research community and recognize the importance of a coordinated approach to vulnerability disclosure. If you have discovered a security vulnerability, we encourage you to let us know immediately. We welcome the opportunity to work with you to resolve the issue promptly.

Our Commitment

Adhering to industry standards is important to us, and our program is covered by:

• Coordinated Vulnerability Disclosure
• Safe Harbor
• Open Scope
• Core Ineligible Findings
• Detailed Platform Standards

What Happens After You Submit

After submitting your vulnerability report, here's what you can expect:

• We will acknowledge receipt of your report within 2 business days.
• Our security team will analyze the report and validate the vulnerability.
• We'll provide regular updates as we work to address the vulnerability.
• Once resolved, we'll notify you and may ask for confirmation of the fix.

Company-Specific Information

When testing for vulnerabilities, please note the following:

• Third-party services hosted at *.thirdparty.* are not in scope for this vulnerability disclosure program.
• Our mobile applications are in scope for security testing.
• We do not authorize testing that may impact our production environment or other users of our services.