We follow Safe Harbour rules and the disclose.io principals.
Found a bug or security vulnerability? We're happy to work with security researchers on findings they've observed. You can report through firstname.lastname@example.org with "Security Report" in the subject line.
Your privacy will be respected, and you can remain anonymous. However, on the occasion we decide to award the finding (within our discretion), we may request addition identification information to send swag. HTP!