We are eager to learn about security vulnerabilities and gaps you may know about and commit to their remediation and continued improvement.
When it comes to the information security of our customers, we are always on the lookout for new and better ways to improve our service and product at RiseUp. Our information security team is happy to listen, get feedback and improve with your help.
We encourage disclosure of any security vulnerabilities, gaps and concerns that can affect our service, product, websites, information security and privacy of our users.
We make a commitment to remedy any finding that can pose a risk to riseup or our customers.
Once you reach out to us about potential security concerns or vulnerabilities, we will respond to your email and acknowledge them within three business days (earlier, most likely). Please collaborate with us while preserving the privacy, integrity and ethics, for all parties involved, for our customers – particularly so.
We operate a Bug Bounty reward and recognition program, it is currently private – invite only (via email@example.com, requires a user with the INTIGRITI bug bounty platform) Please note that this information on this page is in no way an invitation or consent to attack, testing or abuse of our service or products. RiseUp employs tools and independent 3rd-parties for testing, inclusive of penetration testing, vulnerabilities scanning and assessments.
Please keep all discussions with us confidential.
Please report any vulnerabilities and security gaps you are aware of as soon as you are able.
Please allow RiseUp a reasonable time to act to assess and remedy reported vulnerabilities, before you share or talk about them with others.
Act in good faith and make good and reasonable efforts to avoid compromise of customer and RiseUp privacy, integrity and availability of services.