Security
Responsible disclosure policy.
We hold ourselves to the same standard we hold our clients to. If you believe you've found a security issue in one of our websites or systems, we want to hear from you — and we'll work with you in good faith.
Reporting a vulnerability
Email [email protected] with the details — what you found, where, and how to reproduce it. Please give us reasonable time to investigate and fix the issue before disclosing it publicly.
Our commitment to you
- We'll acknowledge your report and keep you updated as we work on it.
- We won't pursue or support legal action against researchers who act in good faith under this policy.
- We'll credit you for the find if you'd like us to.
Acting in good faith means
- You only access the minimum needed to demonstrate the issue, and you don't exfiltrate, alter, or destroy data.
- You don't degrade our services or those of our clients.
- You give us a fair chance to remediate before going public.
How we work on the other side
This is the exact standard we bring to every engagement: authorized scope, minimal access, private disclosure, and a fix verified before anyone moves on. It's why we exist. If your business needs that kind of partner, let's talk.