Security Response

Adapted from the Basecamp open-source policies / CC BY 4.0

Last updated: January 31, 2022

We appreciate your concern

Keeping customer data safe and secure is a huge responsibility and a top priority. We work hard to protect our customers from the latest threats. Your input and feedback on our security is always appreciated.

Reporting security problems

Please note that we currently don't have a bug bounty program.

For security vulnerabilities, and other urgent or sensitive reports, please email us. We’ll respond as soon as we can. Please follow up or ping us on Twitter if you don’t hear back.

For requests that aren’t urgent or sensitive: submit a support request.

Tracking and disclosing security issues

Have you discovered a web security flaw that might impact our products? Please let us know. If you submit a report, here’s what will happen:

  • We’ll acknowledge your report.
  • We’ll triage your report and determine whether it’s eligible for a bounty.
  • We’ll investigate the issue and determine how it impacts our products. We won’t disclose issues until they’ve been fully investigated and patched, but we’ll work with you to ensure we fully understand severity and impact.
  • Once the issue is resolved, we’ll post a security update along with thanks and credit for the discovery.