Responsible Disclosure Policy
Keeping data secure at June
We know that keeping data safe is critical to our customers, to the security experts who watch for vulnerabilities, and to June. For that reason June has adopted a responsible disclosure policy. If you are a security researcher, this policy affirms June’s commitment to keeping data secure and how you can help us maintain our commitment to high privacy and security standards.
Our responsible disclosure policy
If you are a security researcher and think you have found a security vulnerability in one of our products, mobile apps, or web services, we want to hear about it.
- Let us know as soon as possible of any potential security issue.
- We ask that you give us a reasonable amount of time to respond to your report before making any information public or providing it to any third party.
- Please don’t access, use, or modify user data without permission of the account owner.
- Act in good faith, particularly to avoid degrading the performance of our services.
- Please do not attempt denial of service attacks, social engineering, physical property or infrastructure attacks, infringe third parties’ intellectual property rights, spam our users, or engage in other similarly questionable behaviors.
June is committed to working with bona fide security researchers who come to us in good faith, including abiding by our responsible disclosure policy, to help us identify and resolve potential privacy and security issues without initiating legal actions against them. As a responsible steward of our and our users’ data, June will take appropriate actions to protect that data against bad actors.
Contacting us about security issues
To report a vulnerability or possible security issue, please email us directly at firstname.lastname@example.org. Someone from our team will engage with you within one business day. After that, we'll work with you to understand the potential vulnerability and, if verified, commit to implementing a solution in a reasonable amount of time.
If you are a bona fide researcher, we verify that the issue you've reported is one that puts June, our customers, or our product at risk, and if yours is the first such report to us, we are happy to offer a bounty commensurate with the severity of the vulnerability and the difficulty of discovering it. Details will be provided at the time of submission. Or, you may email the above address to request more information about our bounty program.
Thank you for helping us keep June users safe!