Responsible Disclosure Policy

Responsible Disclosure Policy

Think you found a vulnerability in one of our systems? Please report this by sending an email to On this page, you will find the information you need to send, and the procedure.

The report will be treated confidentially. We do not share your personal data with third parties without permission - unless this is necessary to comply with a legal obligation.

It is possible to submit the report under a pseudonym.

Please include this information about any vulnerability

  • Description.
  • Reproducible example.
  • IP address or URL of affected system.
  • Any additional information.


  • Do not abuse any vulnerability. For example, do not download more data than necessary.
  • If necessary, share the vulnerability with others only after it has been resolved.
  • Do not use attacks on physical security, social engineering, distributed denial of service, and spam or third-party applications.
  • Do you adhere to these conditions? Then we will not take legal action.

After the notification has been sent

  • You will receive a substantive response to the report within 3 days.
  • You will be kept informed of the progress.

After any vulnerability has been resolved

  • Delete any confidential data.
  • If desired, we will mention your name in a publication.
  • The possible reward depends on the scope.
  • We would like to be involved in any publication.
Legal or privacy questions?