A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact:
	We are currently operating an invite-only bug bounty with Intigriti. In
	order to participate, please register with Intigriti
	(https://login.intigriti.com/account/register). Then send an email to us at
	security@personio.de with your @intigriti.me email address. We will then
	invite you to our bounty program. Once onboard, you will be able to review
	our bounty terms and scope, and safely share your findings with the team.
Contact: security@personio.de
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/C921305FC1B574C16533ACA4B3E23F29B4B09BE1
Expires: 2022-11-03T00:00:00.000Z
Preferred-Languages: English
Canonical: https://personio.com/.well-known/security.txt
Policy: https://personio.com/data-security/