Skip to content

Responsible Disclosure Policy

At Taxumo, we are committed to maintaining the security and privacy of our users and systems. We value the efforts of security researchers and the broader security community who help us protect our platform and customers.

If you discover a potential security vulnerability in our systems, we encourage you to report it to us responsibly. This policy outlines our process and expectations for handling security reports.

How to Report a Security Vulnerability

If you believe you have found a security vulnerability on our website, applications, or infrastructure, please report it to us via email at:

📧 security@taxumo.com

Include the following information:

  • A detailed description of the vulnerability.
  • Steps to reproduce the issue.
  • Any relevant screenshots, videos, or proof-of-concept code.
  • Your contact information (optional, if you’d like updates on the resolution).

What to Expect from Us

When you report a vulnerability in good faith, we will:

  • Acknowledge receipt of your report within 3-5 business days.
  • Provide regular updates on the status of the vulnerability assessment.
  • Notify you when the issue has been resolved.
  • Credit you publicly for your contribution (if you wish) through the website.

Guidelines for Responsible Disclosure

We ask that you:

  • Avoid privacy violations, data destruction, or service disruption.
  • Do not exploit the vulnerability beyond the minimal extent necessary to demonstrate its existence.
  • Do not publicly disclose details of the vulnerability before we have addressed it.
  • Comply with applicable laws.

Legal Safe Harbor

We will not pursue legal action against individuals who:

  • Engage in testing and reporting in good faith.
  • Follow this Responsible Disclosure Policy.
  • Avoid privacy violations and data destruction.

Exclusions

Please note that the following are generally out of scope:

  • Social engineering attacks (phishing, impersonation, etc.).
  • Physical security vulnerabilities.
  • Automated scans without meaningful proof-of-concept.
  • Issues related to outdated browser versions or plugins

Recognition

We appreciate the efforts of researchers and may acknowledge significant contributions on a public recognition page, subject to mutual agreement.

Thank you for helping us keep Taxumo and our users safe.