If you discover a security vulnerability, please email us at firstname.lastname@example.org. Upon discovering a vulnerability, we ask that you act in a way to protect our users' data:
Inform us as soon as possible.
Test against fake data and accounts, not our users' private data (please ask if you'd like a free account to work on this).
Work with us to close the vulnerability before disclosing it to others
We guarantee response within one business day, most likely much less.
If you would like to send an encrypted message, please sign using our public PGP key:
We are open to discussing payment to security testers who can present us with significant security vulnerabilities that we can verify exist in our product. Though we are still a relatively small company, we aim to make payouts in the $500-1000 range for valid issues brought to our attention. We are also open to publicly recognizing contributions made by security researchers who responsibly disclose improvement opportunities to us.