Security & Vulnerability Disclosure

Last updated: May 31, 2026

We take the security of Databunker and our customers’ data seriously. If you believe you’ve found a security vulnerability in our website, customer portal, or products, we want to hear from you.

How to report

Email security@databunker.org with:

  • a description of the issue and where you found it,
  • steps to reproduce (a proof of concept if you have one), and
  • the potential impact.

Please report promptly and give us a reasonable opportunity to address the issue before disclosing it publicly.

Scope

In scope:

  • databunker.org (marketing website)
  • portal.databunker.org (customer portal)
  • the Databunker cloud products (Pro cloud, Radar, DPO)

Out of scope:

  • Self-hosted Databunker Pro running in a customer’s own environment — report those to the operating customer.
  • Third-party services we rely on — report to the respective provider.
  • Findings that require physical access, social engineering of our staff, or denial-of-service.

Safe harbor

We will not pursue or support legal action against security researchers who, in good faith:

  • follow this policy,
  • avoid privacy violations, data destruction, and degradation of our services,
  • only interact with accounts or data they own or have explicit permission to test, and
  • give us a reasonable time to remediate before any public disclosure.

We consider security research conducted under this policy to be authorized, and we will work with you to understand and resolve the issue.

Rules

  • Do not access, modify, or delete data that isn’t yours.
  • Do not run automated scans that degrade service, and do not perform DoS/DDoS attacks.
  • Do not use social engineering, phishing, or physical attacks against our people or facilities.
  • Keep vulnerability details confidential until we have had a reasonable opportunity to fix them (coordinated disclosure).

What to expect from us

  • We aim to acknowledge your report within 3 business days.
  • We will keep you informed as we investigate and remediate.
  • We do not currently offer monetary rewards, but we are grateful for your help and — with your permission — will credit you once the issue is resolved.

Contact

security@databunker.org