Y Combinator considers the security of our systems and applications to be of the utmost importance.
Y Combinator uses a variety of tools and techniques to help protect our data and software. We employ on-prem and cloud services, both of which receive routine review for safety.
Y Combinator welcomes input from the security research community. Through responsible disclosure we are hoping to advance the cause of improving the security of our applications and user data. To that end, we encourage security researchers to notify us of any potential vulnerabilities uncovered. Reports received through this channel should receive a prompt reply and if you do not receive a timely response we ask that you please attempt to contact us again. To protect our users we also request that you please refrain from sharing information about any potential vulnerabilities with anyone outside of YC. Once we have confirmed the vulnerability and mitigation we hope that you will join us in an announcement.
While researching, we'd like to ask you to refrain from:
Thank you for helping keep Y Combinator and our users safe!
Contact us if you want more information.