Incident response
Security is our highest priority. If a security incident occurs in our software or services, we'll drop everything else until it's been resolved, and provide status updates during any security-related outages. Once our investigations are complete, we'll publish a full, timely, and transparent post-mortem account of what happened, and what measures we've implemented to ensure that similar incidents are prevented in the future.
Report an incident or vulnerability
If you discover a vulnerability in our software or services, or if you need to report a security incident to us, please notify us as soon as possible by emailing us at [email protected]. Our mail servers implement RFC 8461 (MTA-STS) for best-of-class email transport security. However, if you believe your disclosure requires absolute secrecy, feel free to encrypt your message using our Director's PGP key.