A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact:
	We are currently operating an application based bug bounty program with Intigriti. 
	In order to participate, please register with Intigriti (https://login.intigriti.com/account/register). 
	Then go to the following link and apply (https://app.intigriti.com/researcher/programs/personio/personio/). 
	We will then review your application and accept you into our bounty program. 
	Once onboard, you will be able to review our bounty terms and scope, and safely share your findings with the team.
Contact: security@personio.de
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/776168C5C62BBBA35281766EC616C9FA6AE023DC
Expires: 2026-02-14T00:00:00.000Z
Preferred-Languages: English
Canonical: https://personio.com/.well-known/security.txt
Policy: https://personio.com/data-security/