Vulnerability disclosure

We are committed to the security of our products, services, and IT infrastructure. We welcome responsible disclosures from external security researchers and third parties who help us identify potential vulnerabilities.

Reporting a vulnerability

If you believe you have discovered a security vulnerability, please report and include:

• A detailed description of the vulnerability
• Affected system, product or service
• Steps to reproduce the issue
• Any relevant evidence (e.g., screenshots, proof-of-concept code)
• Any potential impact
• Your contact details (optional)

What you can expect

• We will review your report and may reach out for further details.
• If the issue is confirmed, we will take appropriate action to address it.
• We may inform you once the issue is resolved, where appropriate.

Guidelines

To ensure a constructive process, please:

• Avoid exploiting the vulnerability beyond what is necessary to demonstrate it.
• Do not access, alter, or delete data that does not belong to you.
• Do not disrupt our services or compromise user privacy.
• Comply with all applicable laws.

We do not offer monetary rewards for vulnerability disclosures. However, we appreciate your efforts in helping us protect our systems and customers. Thank you.