Vulnerability Disclosure Policy

The security of our customers’ information and of any personal data is extremely important to us. We strive for the highest possible degree of security. Despite our constant efforts, issues can not be excluded completely. Therefore, if you have found any vulnerability or security issue, we strongly encourage you to report these to us so we can take the appropriate measures as soon as possible.

How to report a vulnerability?

For responsible disclosure please send an email describing the issue to security@weroad.com, outlining a step by step guide on how to reproduce the issue. We will then get back to you promptly.

In the meantime, please do not disclose vulnerabilities to others and do not exploit vulnerabilities any further than necessary to prove its existence. Data from legitimate users of the service must not be altered or destroyed.

We will work together with you to resolve the issue.

No legal actions, potential cooperation and reward

We will not take legal actions against you if you have reported the issue while following the responsible disclosure process.

We do not pay bug bounties (rewards) by default. However, we may offer you to conclude a consulting agreement and pay out a bug bounty in case you have reported a serious issue.