Report a Vulnerability.
We welcome security researchers who help us keep our users safe. If you've found something, let's fix it together.
Our commitment.
We take the security of Invoice For Me seriously. If you've discovered a vulnerability, we want to work with you to fix it. Security is a shared responsibility, and the research community plays a vital role in keeping the internet safe.
We're building a formal bug bounty program. In the meantime, we appreciate responsible disclosure and will acknowledge researchers who help us improve our security posture.
What's in scope.
What's out of scope.
How to report.
Send your findings directly to our security team via email. Please include as much detail as possible so we can reproduce and address the issue quickly.
security@invoiceforme.com
Please include in your report:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Your contact information
Safe Harbor.
We believe security research conducted in good faith makes everyone safer. We will not pursue legal action against researchers who:
- Discover and report vulnerabilities responsibly — through our designated reporting channel, not through public disclosure.
- Avoid accessing or modifying other users' data — test only with accounts you own or have explicit permission to use.
- Give us reasonable time to address the issue before any public disclosure — we ask for 90 days, which is standard in the industry.
- Do not exploit the vulnerability beyond what is necessary to demonstrate it — proof of concept is sufficient.
If you act in good faith and follow these guidelines, we consider your research to be authorized and will not initiate legal action against you.