If you've found a security vulnerability or something that looks like it could be a problem, please let us know.
How to report
Open a support ticket and describe what you found. Include:
- What the issue is and where you found it
- Steps to reproduce it if possible
- What information or access it could expose
We take security reports seriously and respond as quickly as we can.
What to expect
We'll acknowledge your report and investigate. If the issue is confirmed, we'll work on a fix and keep you updated. We don't currently have a formal bug bounty program, but we do genuinely appreciate responsible disclosure.
Please don't
- Exploit the vulnerability beyond what's needed to confirm it exists
- Access or modify other users' data
- Share the details publicly before we've had a chance to address it
Responsible disclosure gives us time to fix the issue before it becomes a wider problem. We'll always credit you in our acknowledgements if you'd like.
If your own account is compromised
If you think your account has been accessed without your permission, that's not a vulnerability report — go to Active sessions to revoke unknown sessions and change your password immediately. Then open a support ticket so we can look into what happened.