Responsible Disclosure Policy

FreeReconcile takes the security of its service and your data seriously. If you have discovered a security vulnerability, we want to hear about it.

Reporting a vulnerability

Please report any security vulnerabilities privately by emailing security@freereconcile.com.

Include as much detail as possible: a description of the vulnerability, steps to reproduce it, and any potential impact. Screenshots or proof-of-concept code are helpful.

What we ask

• Do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it.
• Do not access, modify, or delete other users' data.
• Make a good-faith effort to avoid disrupting the service.

What we commit to

• We will acknowledge your report within 2 business days.
• We will investigate and work to resolve confirmed vulnerabilities as quickly as possible.
• We will keep you informed of our progress.
• We will not take legal action against researchers who follow this policy in good faith.