Skip to content

Legal

Responsible disclosure

If you find a vulnerability in any Caviyard product or in this site, we want to hear about it. This page describes how to report it and what to expect from us.

How to reach us

Send the report to security@caviyardcorp.com. Encrypt it if you can. Our PGP key is available on request.

What we ask

Please give us a reasonable window to acknowledge and fix the issue before disclosing it publicly. Do not access more data than is needed to demonstrate the issue, do not degrade our service, and do not test against accounts that are not yours.

Acting in good faith under this policy, within these limits, will not lead to legal action from us.

What you can expect

We acknowledge reports within two working days, assess them within seven days, and report the fix back to you when it ships. Serious findings are eligible for a reward paid in cash, set per case.