At Flex, we believe in Linus’ law - that technology works better when we work together. Data priority is our top priority.
If you believe you’ve found a security vulnerability in Flex’s service, please notify us. We’ll work with you to resolve the issue promptly.
If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at firstname.lastname@example.org. We will acknowledge your email within 72 hours.
We ask that you provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve priority 1 zero day issues within 72 hours of disclosure and priority 2 critical issues within 30 days of disclosure.
We ask that you make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Flex service. Please only interact with accounts you own or for which you have explicit permission from the account holder.
While researching, we ask that you refrain from:
- Distributed Denial of Service (DDoS)
- Social engineering or phishing of Flex employees or contractors
- Any attacks against Flex’s physical property
Thousands of people rely on Flex technology each month to pay critical bills. Thank you for helping keep the service healthy and our users safe.