At GoodUp, we take the security of our platform and the data entrusted to us seriously. Despite our efforts to maintain a secure environment, vulnerabilities may still exist.

If you discover a security vulnerability in any of our systems, we encourage you to report it responsibly so we can investigate and address the issue as quickly as possible.

How to Report

Please send your findings to: support@goodup.com

When reporting a vulnerability, please include:

• A clear description of the issue

• Steps to reproduce the vulnerability

• The potential impact of the vulnerability

• Any supporting screenshots, logs, or proof-of-concept code

Our Commitment

When acting in good faith, we commit to:

• Acknowledge receipt of your report within 5 business days

• Investigate the reported vulnerability promptly

• Keep you informed about the progress of our investigation

• Not pursue legal action against researchers who follow this policy

What We Ask of You

Please:

• Do not exploit the vulnerability beyond what is necessary to demonstrate its existence

• Do not access, modify, or delete data belonging to others

• Do not disrupt the availability or performance of our services

• Do not publicly disclose the vulnerability until we have had a reasonable opportunity to resolve it

Scope

This policy applies to GoodUp’s websites, applications, APIs, and supporting infrastructure owned and operated by GoodUp.

We appreciate the efforts of security researchers and the wider community in helping us keep our platform secure for all users.