Security disclosure policy
Report vulnerabilities to [email protected]
If you've found a security issue in Rebrandly—the dashboard, the API, our link infrastructure, or anything else under our control—report it to [email protected].
Rebrandly maintains a security.txt file at https://rebrandly.com/.well-known/security.txt following RFC 9116.
What to include in a report
To help us triage quickly, include:
- A clear description of the issue and its potential impact.
- Steps to reproduce, with example requests, payloads, or URLs where applicable.
- Your environment (browser, OS, API client, account, or workspace ID if relevant).
- Any proof-of-concept code or screenshots.
What happens next
Reports sent to [email protected] route directly to our engineering team for triage. We aim to acknowledge new reports promptly and will keep you updated on validation, remediation, and disclosure timing.
Out‑of‑scope activities
- Do not post vulnerability details in public GitHub issues, support chat, or social media.
- Do not access, modify, or exfiltrate data belonging to other users while testing.
- Do not run automated scanners that could degrade service availability for Rebrandly customers.
Researchers who act in good faith and follow these guidelines will not face legal action from Rebrandly.
Updated 26 days ago