Security & Vulnerability Disclosure

Last updated: December 14, 2025

We Value Security Researchers

At Trustpage, security is at the core of everything we do. We deeply appreciate the security research community and welcome responsible disclosure of any vulnerabilities you may find. Your efforts help us protect our users and improve our platform.

How to Report a Vulnerability

If you believe you have discovered a security vulnerability in Trustpage, please report it to us by sending an email to:

security@trustpage.io

For sensitive reports, please encrypt your email using our PGP key.

Download PGP Key

Please include in your report:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any proof-of-concept code or screenshots
  • Your suggested remediation (if any)
  • Your name/handle for Hall of Fame recognition (optional)

Our Commitment to You

Acknowledgment

We will acknowledge receipt of your report within 48 hours.

Communication

We will keep you informed about our progress as we investigate and remediate.

No Legal Action

We will not pursue legal action against researchers who follow this policy.

Recognition

With your permission, we will acknowledge your contribution in our Hall of Fame.

Response Timeline

  • 48 hours: Initial acknowledgment of your report
  • 7 days: Initial assessment and severity determination
  • 30 days: Target resolution for critical vulnerabilities
  • 90 days: Target resolution for non-critical issues

In Scope

  • trustpage.io and all subdomains
  • Customer trust center portals hosted on our platform
  • API endpoints and integrations
  • Authentication and authorization mechanisms
  • Data storage and transmission security

Out of Scope

  • Social engineering attacks against employees or users
  • Physical attacks against our offices or data centers
  • Denial of service (DoS/DDoS) attacks
  • Spam or social engineering techniques
  • Third-party services and applications we do not control
  • Vulnerabilities in outdated browsers or plugins
  • Issues that require physical access to a user's device

Responsible Disclosure Guidelines

To ensure a positive experience for everyone, we ask that you:

  • Give us reasonable time to investigate and fix the issue before public disclosure
  • Make a good faith effort to avoid privacy violations, data destruction, and service disruption
  • Do not access or modify data belonging to other users
  • Do not exploit the vulnerability beyond what is necessary to demonstrate it
  • Do not use automated scanning tools that generate excessive traffic
  • Report vulnerabilities promptly after discovery

About Monetary Rewards

At this time, Trustpage does not offer monetary rewards for vulnerability reports. However, we deeply value the contributions of security researchers and offer recognition through our Hall of Fame program.

As we grow, we plan to establish a formal bug bounty program. If you're interested in being notified when this launches, please mention it in your report.

Hall of Fame

We would like to thank the following security researchers for responsibly disclosing vulnerabilities and helping us improve the security of Trustpage:

Be the first to join our Hall of Fame!

Report a valid vulnerability to have your name listed here.

security.txt

In accordance with RFC 9116, we provide a machine-readable security contact file at:

Contact

For security-related inquiries, please contact:

Trustpage Security Team

Email: security@trustpage.io

PGP Key: Download Public Key

Fingerprint: CECD 4386 27B9 E1EB F915 A7A6 4099 0EEA 3ED0 96F7