Responsible Vulnerability Disclosure Program

Keeping Flo users safe is our highest priority. We value the help of skilled security researchers to assist in keeping our app secure. If you believe you’ve found a security vulnerability in our app, we encourage you to notify us.

In addition to a possible reward, we can put your name or a mutually agreed upon nickname on the list of Flo Hall of Fame Contributors.

Disclosure Policy

  • ​If you believe you’ve found a potential vulnerability, please email us in English at security@flo.health
  • We will respond to your email within five business days.
  • Please refrain from revealing a vulnerability to the public or a third party. Give us some time to resolve the vulnerability. We usually fix critical issues within two weeks of disclosure.
  • We would appreciate it if you avoid privacy violation, destroying data, interrupting, or degrading Flo services. 
  • Also, please only interact with domains you own or for which you have explicit permission from the account holder.

Exclusions

We treat security researchers with respect and expect the same attitude in return. So we would like you to refrain from:

  • Distributed Denial of Service (DDoS)
  • Spamming
  • Social engineering or phishing of Flo Health employees or contractors
  • Any attacks against Flo Health physical property

Deprecated projects which are out of Disclosure program scope:

  • Сourses.flo.health