Security & responsible disclosure
Trust is our product, so security is not optional. We encrypt data in transit, restrict access, rate-limit our public endpoints, and guard against server-side request abuse. If you find a weakness, we want to hear from you.
Report a vulnerability
Email security@trustiry.com with steps to reproduce, the impact, and any proof-of-concept. Please give us reasonable time to fix an issue before disclosing it publicly.
Please do
- Report promptly and in good faith.
- Use test accounts and only access data that belongs to you.
- Give us enough detail to reproduce and fix the issue.
Please don't
- Access, modify, or delete other people's data.
- Run denial-of-service tests, spam, or social-engineer our team or users.
- Publicly disclose before we've had a chance to remediate.
Safe harbour: if you follow this policy in good faith, we will not pursue action against you for your research, and we'll credit you (with your permission) once the issue is resolved.