Riskalyze Security Response Policy


Responsible Disclosure

Security threats on the Internet are growing far faster than any one company or team can stay ahead of, so providing top-notch security is always a community effort. We're very grateful to the white hat community of independent security researches for their responsible security reports, particularly of issues that could theoretically lead to potential system intrusions or unauthorized data access.

Security and privacy for our customers and their data is of the utmost importance. We work hard to keep our security infrastructure and practices up to date, and welcome the responsible disclosure of any vulnerabilities you may find.


Reporting

We are most interested in vulnerabilities that could theoretically lead to leakage of customer data. The decisions of which reports represent valid concerns and deserve recognition are made at the sole discretion of Riskalyze.

Above all, please make a good faith effort to protect our users' privacy and data. Please don't interrupt or degrade our services. Please do not disclose the details of any discoveries until you have notified us and given us an opportunity to respond and fix the issue.

Please send reports to security@riskalyze.com. For particularly sensitive information you're welcome to use our public key to encrypt the message (please provide a way for us to respond securely). We'll typically follow up within a few business days.


Our Grateful Thanks

We appreciate the effort and skill of those who help keep our services secure. The following experts and researchers have helped us improve our security offerings.