Flows.Trading welcomes security research and responsible disclosure of potential vulnerabilities. If you discover a security issue, we want to hear from you.
Reporting Channels
Primary Contact:
- Email: security@flows.trading
Emergency Contact:
- Available 24/7 for critical security issues
- Use the primary contact email and mark the subject as “CRITICAL SECURITY ISSUE”
PGP Encryption:
- Public key available at flows.trading/pgp for encrypted communications
- Use for sensitive vulnerability details
Responsible Disclosure Process
Flows.Trading encourages responsible security research and is committed to collaborating with the security community to protect users.
If you discover a vulnerability:
Report privately first:
- Do not publicly disclose the vulnerability before reporting it.
- Email security@flows.trading with detailed information.
Provide sufficient detail:
- Technical description of the vulnerability
- Steps to reproduce the issue
- Potential impact and severity assessment
Do not cause harm:
- Do not access other users’ data or accounts.
- Do not cause any service disruption or data loss.
- Only test on your own accounts.
Allow time for remediation:
- Give us a reasonable timeframe to fix the issue before publishing details.
- Coordinate disclosure timing with our security team.
Our Response Process
Acknowledgment:
- We will acknowledge receipt of your report within 24 hours.
Assessment:
- Technical assessment begins within 5 business days.
- We may contact you for additional information or clarification.
Resolution:
- Fixes are prioritized based on severity and impact.
- Critical issues are patched immediately; lower-severity issues follow our release schedule.
Public acknowledgment:
- With your permission, we provide public acknowledgment for your contribution.
- Researchers are credited on our security acknowledgments page.
Safe Harbor Policy
Legal protection for good-faith research:
- Flows.Trading will not pursue legal action against individuals who follow this responsible disclosure process.
- We consider good-faith security research to be authorized and legal activity.
When legal action may occur:
- Malicious activity or intentional harm to users
- Theft or exfiltration of user data
- Service disruption or denial-of-service attacks
- Extortion or demands for payment
Coordination with law enforcement:
- Only occurs in cases involving malicious activity or intentional harm.
- Good-faith researchers operating within our guidelines will not be reported.
■ Try it now: If you have security experience, review our security practices and consider participating in responsible disclosure research to help improve platform security.
Security and privacy are foundational to your experience on Flows.Trading. By using strong passwords, following API key best practices, and understanding your privacy rights, you can trade with confidence knowing your data is protected.
Always remember: security is a shared responsibility. While Flows.Trading implements robust protections on the platform side, you must also secure your own devices, networks, and credentials. Together, we create a safer trading environment for everyone.