The security and privacy of our data and users’ information is very important to us. We use technical, administrative, and physical controls to protect this data, but we know no system is perfect. We welcome the help of security researchers who responsibly report potential vulnerabilities in our services.

By working together, we can improve the security of our systems and protect our users. Thank you in advance for your contributions.

How to Report a Vulnerability

If you believe you’ve found a security issue, please email [email protected]

Your report should include enough detail for us to understand and reproduce the issue. Specifically, please provide:

1. Step-by-step instructions to reproduce the vulnerability.
2. An explanation of how you discovered the issue.
3. A description of the data that can be accessed through the vulnerability.
4. A description of any data already accessed (including data types and number of records).

Please stop testing immediately if you encounter personally identifiable information and include only the details necessary for us to validate the issue.

Our Commitment

If you submit a report in line with this policy:

• We will review the issue in good faith.
• We will work with you to understand, validate, and address the vulnerability as appropriate.
• We will keep you informed of our progress, where possible.
• We may reward or recognise reports made in accordance with this policy.

Expectations for Researchers

We ask that you:

• Act in good faith and avoid any activity that could harm us, our users, or disrupt services.
• Not access, alter, save, or share any data beyond what is required to demonstrate the issue.