Trust Center

Responsible Disclosure

We welcome good-faith security research into our products and infrastructure, and we commit to working with you, not against you.

How to report

Email security@offloadsecurity.com with a description of the issue, steps to reproduce, and any relevant proof of concept. A machine-readable pointer is published at /.well-known/security.txt.

What we commit to

  • Acknowledgement within 2 business days
  • An assessment and expected timeline within 10 business days
  • No legal action for good-faith research that respects the guidelines below
  • Credit for the finding, if you want it, once fixed

Guidelines

  • Do not access, modify, or delete data that is not yours; use test accounts wherever possible
  • No denial-of-service, spam, social engineering, or physical attacks
  • Give us a reasonable window to remediate before public disclosure