If you believe that you've discovered a security or privacy vulnerability that affects Orangedox services, please report it directly to us on the web at support@orangedox.com. Reports should include specific products that you believe are affected; a technical description of the behavior that you observed and the behavior that you expected; the steps required to reproduce the issue; and a proof of concept or exploit.
You can also request to join our HackerOne program, note that we only accept higher-risk issues with this program.
We evaluate all eligible research for rewards, though keep in mind we're a small company so the rewards will be proportionate to the severity of the issue discovered.
