If you believe you have discovered a vulnerability in one of our services or have a security incident to report, then please drop us an email or come by one of our offices to report it. We will investigate all legitimate reports and do our best to quickly fix the problem.
If you comply with the policies below when reporting a security issue, we will avoid a lawsuit or law enforcement investigation against you. We ask that:
- You give us reasonable time to investigate and mitigate an issue you report before making public any information about the report or sharing such information with others.
- You do not access or modify data from other user's accounts unless you have been given permission by that user to do so.
- You make a good faith effort to avoid privacy violation and disruptions to others, including (but not limited to) destruction of data and interruption or degradation of our services.
- You do not exploit a security issue you discover for any reason. (This includes demonstrating additional risk, such as attempted compromise of sensitive data or probing for additional issues.)
- You do not violate any other applicable laws or regulations.