We value the work done by security researchers to improve the security of our products, service offerings, and the internet as a whole. We are committed to working with this community and will respond to legitimate requests of any reported vulnerabilities. We will assist where appropriate in the reproduction, verification and any remedial activity needed to improve our products, and we encourage the security community to participate in our responsible disclosure process.


How to report an issue

If you are a security researcher and would like to report a security vulnerability, please email: Please provide your name, contact information, and company name (if applicable) with each report.  All reports should be encrypted – please include your PGP public key with such reports.

Download our PGP key.


Responsible Disclosure

We will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we commit that we will not take legal action against you or ask law enforcement to investigate you if you comply with the following Responsible Disclosure Guidelines:

  1. You do not modify or access data that does not belong to you.
  2. You make every effort to avoid privacy violations, destruction of data and interruption or degradation of our services, and to abide by UK/EU data legislation.
  3. You do not make any information public until we’ve had reasonable time to correct the issue.
  4. You provide details of the vulnerability, including proof-of-concept (POC) work and other information needed to reproduce and validate the vulnerability.

Please give us 2 to 3 business days to respond to your report.

Stay informed and sign up to our monthly newsletter