Security & compliance

Responsible disclosure

We take the security of our platform and the protection of our users' data seriously, and we welcome the responsible disclosure of security vulnerabilities from the research community.

Scope

This policy covers security vulnerabilities found in:

• Our web applications and APIs
• Authentication and authorization mechanisms
• Data handling and storage processes

Guidelines

• Provide detailed reports with reproducible steps.
• Give us reasonable time to address the issue before any public disclosure.
• Do not access, modify, or delete data belonging to other users.
• Do not perform actions that could degrade the availability of our services.
• Do not use automated scanning tools in a way that generates excessive traffic.

Out of scope

• Social engineering attacks
• Denial-of-service attacks
• Issues in third-party services or applications
• Vulnerabilities requiring physical access to a device

How to report

Email us at hello@getwrappedhealth.com and include a description of the vulnerability and its potential impact, steps to reproduce, and any relevant screenshots or proof of concept. We'll acknowledge receipt and work with you to address the issue.

Recognition

We appreciate the efforts of security researchers who help keep Wrapped Health and our users safe. We work with the security community in good faith and will not pursue legal action against researchers who follow these guidelines.