Security of our users’ data is of utmost importance at JourneyApps. We welcome the disclosure of any vulnerability you may find in our platform.
We will treat each security report with the utmost seriousness. We commit to communicating promptly while we investigate the impact on our customers and will remediate the issue if deemed necessary.
We uphold the principles of Responsible Disclosure, including but not limited to:
Additionally, avoid any social engineering or phishing on our customers or employees, and do not physically access any of our properties.
If you follow the responsible disclosure guidelines, we commit to:
JourneyApps does not operate a bug bounty program at this time, but may choose to offer a reward for security reports at our discretion.
Contact firstname.lastname@example.org with details on the issue.
Include at least the following information:
If you plan to provide sensitive credentials or data in the report, please let us know, and we will provide you with a public GPG key for encryption.
We are interested in any reports affecting the security of our platform.
Our customers may host applications on our platform, and these are not considered part of the platform. We may however choose to forward reports for these applications to the relevant customer. This includes any application hosted on the domains poweredbyjourney.com or onjourneyapps.com.
We are not interested in reports of:
Please reach out to us if anything is unclear.