Responsible Disclosure Policy

When a potential security vulnerability is reported, it is handled with the highest priority until properly addressed. You can find our responsible disclosure policy below.

Reporting security vulnerabilities and responsible disclosure policy

If you believe that you have found a security vulnerability on EnjoyHQ, we encourage you to let us know straight away. We will investigate all legitimate reports and do our best to quickly fix the problem. Before reporting though, please review this page, including our responsible disclosure policy.

Responsible Disclosure Policy

EnjoyHQ aims to keep its service safe for everyone, and data security is of utmost priority. If you are a security researcher and have discovered a security vulnerability in the service, we appreciate your help in disclosing it to us in a responsible manner.

Your findings must fit the criteria below:

  1. serious vulnerability (and not just a zero or low-risk XSS)
  2. Discovered during routine use of the service as an actual user – not via an unauthorized pen test or an automatic scan,
  3. Applicable to the web application only located at, and not the following domains:
  •  marketing site:
  •  this documentation site
  • any other sub-domains of either or

Share the details of any suspected vulnerabilities with EnjoyHQ's Security Team by sending using the following e-mail address:

Submit a request

Please do not publicly disclose these details without express written consent from EnjoyHQ. In reporting any suspected vulnerabilities, please include the following information:

  • Vulnerability details with information to allow us to efficiently reproduce your steps
  • Your name & email address
Our Commitment:

If you identify a verified security vulnerability in compliance with this Responsible Disclosure Policy, EnjoyHQ commits to:

  • Promptly (within 5 business days) acknowledge receipt of your vulnerability report
  • Provide an estimated timetable for resolution of the vulnerability if the vulnerability is accepted
  • Notify you when the vulnerability is fixed
  • Publicly acknowledge your responsible disclosure

Please provide any feedback you have on this article. Your feedback will be used to improve the article and should take no more than 5 minutes to complete. Article evaluations will remain completely confidential unless you request a follow-up. 

Was this article helpful?
0 out of 0 found this helpful