This page is intended for security researchers. To find out more about IRCCloud's security, please visit our privacy information __page.
If you believe you have found a security vulnerability on IRCCloud, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.
Please submit your report here and our security team will respond as soon as possible.
If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you.
Automated testing against IRCCloud is not allowed. If you use automated testing, your account will be banned and we will not award any bounties.
To show our appreciation for security researchers, we offer a monetary bounty for certain qualifying security bugs. Here is how it works:
To qualify for a bounty, you must:
We will assess each bug to determine if it qualifies.
The following bugs are generally not eligible for a bounty (and we do not recommend testing for these):
Please only report one bug per HackerOne issue. If you submit a bug report containing a video, you must also clearly describe the issue in the text of the report.
Please note that we are a small company with no dedicated security engineers. High-priority issues will be dealt with swiftly, but lower-priority issues may take some time to be fixed. We won't issue any rewards until fixes are deployed.
Contact us if you want more information.