Security disclosure policy
Report vulnerabilities to [email protected]
If you've found a security issue in Rebrandly—the dashboard, the API, our link infrastructure, or anything else under our control—report it to [email protected].
Rebrandly maintains a security.txt file at https://rebrandly.com/.well-known/security.txt following RFC 9116.
What to include in a report
To help us triage quickly, include:
- A clear description of the issue and its potential impact.
- Steps to reproduce, with example requests, payloads, or URLs where applicable.
- Your environment (browser, OS, API client, account, or workspace ID if relevant).
- Any proof-of-concept code or screenshots.
What happens next
Reports sent to [email protected] route directly to our engineering team for triage. We aim to acknowledge new reports promptly and will keep you updated on validation, remediation, and disclosure timing.
Out‑of‑scope activities
- Do not post vulnerability details in public GitHub issues, support chat, or social media.
- Do not access, modify, or exfiltrate data belonging to other users while testing.
- Do not run automated scanners that could degrade service availability for Rebrandly customers.
Researchers who act in good faith and follow these guidelines will not face legal action from Rebrandly.
Updated 5 days ago