Security Reporting

Our Responsible Disclosure Policy governs how we handle reports of security vulnerabilities in our services. We appreciate the efforts of security researchers who help keep our customers safe.

Guidelines for ethical research:

• Do not attempt to access or modify data that does not belong to you.
• Do not run automated scanners that may impact service availability (no DDoS).
• Provide us with a reasonable amount of time to fix the issue before public disclosure.
• Avoid using social engineering, phishing, or physical attacks.

In return, we promise to acknowledge your report quickly and work with you to understand and resolve the issue. If you follow these guidelines, we will not take legal action against you.