Responsible Disclosure Policy

At dropXL, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We ask for your help in protecting our clients and systems even better.

Please do the following:

• Report your findings via our YesWeHack bug bounty program .
• Do not take advantage of the vulnerability or issue you’ve discovered—for example, by downloading more data than necessary to demonstrate the issue or deleting or modifying others’ data.
• Do not disclose the vulnerability until it has been resolved.
• Do not use attacks on physical security, social engineering, distributed denial of service, spam, or third-party applications.

What we promise:

• After you report your findings via YesWeHack, our security team will evaluate your report.
• YesWeHack handles all submissions with strict confidentiality and will not share your personal information with third parties without your consent.