Report a security issue
We take security seriously and are committed to supporting responsible disclosure of any issues you may uncover. If you are a security expert or researcher, we appreciate your efforts to keep our customers safe. We ask that you give our team a chance to research and address a vulnerability before disclosing it publicly.
How to Report an Issue
Please send details of the issue to firstname.lastname@example.org. If you'd like to encrypt your message, please use our PGP public key. We will respond within 24 hours and assign a point of contact to follow up on the issue.
Please include a detailed summary of the issue and steps on how to reproduce it.
As you research issues, please adhere to the below guidelines:
- Do not destroy any data.
- Do not attempt to access or modify another user’s account or data. Do not otherwise interfere with any other users' accounts.
- Do not expose any data belonging to other users.
- Do not interrupt or degrade our services. Rate limiting and denial of service attacks are not within scope of this policy.
- Non-production versions of the site (i.e. demo or staging instances) are not within scope of this policy.
- If you find any issues at blog.wellthy.com, they should be reported to Ghost.
We respect the effort and skill that goes into finding and disclosing security issues. We credit researchers based on the value of the contribution. On a monthly basis, we will review submissions and update the below list. Credit will not be given for items which were first reported by another researcher. Wellthy retains the right to modify or discontinue this program at any time.
We would like to thank the following people: