Content-Security-Policy: frame-ancestors 'self'
top of page

Vulnerability reporting policy

Effective date: December 2023

At, we prioritize trust and protecting our customer's data seriously.

We value the contribution of independent security researchers in enhancing internet security. That's why we urge responsible reporting of any vulnerabilities detected in our site or apps. We promise to collaborate with security researchers in validating and fixing any potential vulnerabilities that come to our attention. Before testing or reporting a vulnerability, please take a moment to review these terms. At, we promise not to pursue legal action against researchers who attempt to penetrate our systems as long as they comply with this policy.

Testing for security vulnerabilities:

When conducting vulnerability testing on our online services, using any corebapp platforms or apps, if available, is essential to communicate in detail with us. Additionally, we recommend using test or demo accounts for all testing purposes and announcing your plans to our security team at  

Reporting a potential security vulnerability:

  • Privately share details of the suspected exposure with the corebapp platform by sending an email to

  • Provide full details of the suspected vulnerability so the security team may validate and reproduce the issue. does not permit the following types of security research:

We encourage you to report any vulnerabilities you may discover responsibly, but please note that the following actions are strictly prohibited.:

  • Engaging in activities such as spamming, brute force attacks, or denial of service that can harm, any of its online entities, or its users 

  • Trying to get into data or information that is not yours.

  • It is important to refrain from destroying, corrupting, or trying to destroy or corrupt data or information that does not belong to you.

  • Conducting any physical or electronic attack on personnel, property or data centers

  • Social engineering any service desk, employee or contractor

  • Conduct vulnerability testing of participating services using anything other than test accounts specifically designed for it

  • Violating any laws or breaching any agreements to discover vulnerabilities

The security team commitment:

Please refrain from sharing or making public any unresolved vulnerabilities with third parties. If you decide to submit a report on a vulnerability, the security team at and their associated development organizations will make reasonable efforts to address the issue responsibly.

  • Respond promptly, acknowledging receipt of your vulnerability report

  • Provide an estimated time frame for addressing the vulnerability report

  • Notify you when the vulnerability has been fixed


At, we would like to express our gratitude to all the researchers who submit vulnerability reports. Your efforts help us enhance our security posture. Thank you!

How to Contact Us

Contact our Data Protection Office for privacy inquiries or concerns. We welcome your feedback and are happy to assist you.


Contact details are available below:

Data Protection Office
Legal Department
32-34 Drumul Bacriului St.,

Rosu 077042, Romania

Email Address:

bottom of page