Responsible Vulnerability Disclosure Program

Keeping Flo users safe is our highest priority. We value the help of skilled security researchers to assist in keeping our app secure.

Partnership with HackerOne

We pay anyone who reports a valid vulnerability (verified by the HackerOne triage team) to us exclusively through HackerOne.

HackerOne is the only platform we use to reward security researchers. Any other means of communicating vulnerabilities — such as emails, calls, or customer service inquiries — will not be rewarded.

Found a vulnerability?

If you believe you have found a vulnerability please use the following form for submission: