Security and privacy are our utmost concerns. If you believe you have found a security or privacy issue in our applications and systems, we greatly appreciate your feedback.
Delivering secure services and ensuring the privacy of our customers and partners is the highest priority of our Engineering team. We strive to continuously improve our products and appreciate any support we receive on ensuring the security of our customer's data. At the same time, we understand how tricky and difficult it can be to conduct IT security research and safely report findings in security and privacy matters. Therefore, we are committed to creating a safe environment to report vulnerabilities.
Once a legitimate report is submitted, we will review and fix the issue(s) as soon as we can. You will be updated by use once the review is finished. We ask you to adhere to this Vulnerability Disclosure Policy and act in good faith to be eligible for a reward. We ask you to avoid privacy violations, destruction of data and interruption or degradation of our service during your research.
Services provided directly by re:cap are in scope. This includes www.re-cap.com and app.re-cap.com.
The following conditions are out of scope for the Vulnerability Disclosure Program and not eligible for a reward:
Please be considerate when testing re:cap services and infrastructure. Do not create an unnecessary number of accounts or put an unusual load on the re:cap systems while testing.
You must agree to our Vulnerability Disclosure Policy.
You must be the first person to responsibly disclose an unknown issue.
re:cap pledges not to initiate legal action against researchers as long as they adhere to the guidelines outlined in this Vulnerability Disclosure Policy.
We request that you do not share any information about a potential vulnerability publicly until we have researched, responded to, and addressed the reported vulnerability and informed customers if needed.
To be eligible for a reward, you must be legally allowed in your jurisdiction to send an invoice to re:cap Technologies GmbH, Berlin, Germany.
The decision to pay a reward is entirely at re:cap's discretion. You must not violate any law. You are responsible for any tax implications or additional restrictions depending on your country and local law. We reserve the right to cancel this program at any time.
Please report your findings via email to firstname.lastname@example.org. If you would like to encrypt your message using PGP, you can find the necessary information at https://www.re-cap.com/security/security.txt.
Submitting high quality reports is highly encouraged. Reports that are low quality and unclear will be closed without response. Please include the following information in your report: