Security Is Everyone’s Concern

Especially ours. Keeping your data secure against current & potential threats will always be our top priority.

How to Report a Security Problem

If you feel the issue is urgent or has some sensitive element involved, please send your report directly to security@compose.io. To ensure confidentiality in the reporting process, please use our public key. Doing this will also give us a secure way to respond to your concerns, usually within 24 hours. Please feel free to follow up or give us a ping on Twitter if you are concerned over getting an initial acknowledgment.

If your issue isn't urgent or sensitive, you should submit a support request where it will be handled through our normal support processes.

How We Manage Security Issues

To keep up with the latest in web security and to ensure our defences are effective, we work with security researchers. If you are a security researcher who is aware of a web security flaw that may affect our platforms and products, please let us know. Submitted reports will be…

Acknowledged
We will inform you of the best way to keep track of the issue.
Investigated
We will look into the issue and work out how it affects our systems. Although we won't disclose the issues until the investigation is completed, we will work with you so that all involved fully understand the issue.
Credited
We will publicly thank the reporter for discovering and helping us correct a security issue on this page.

Our products are built on a wide range of technologies and issues reported may be an issue with one of those technologies. Where that is the case, we will work with the communities and companies behind those technologies to ensure that they are protected from the same issue and avoid a situation where early public disclosure leaves others at risk. With that in mind, we ask for your understanding and patience in advance and assure you that is such a step is necessary that we will keep you informed.

Big Thanks

We'd like to thank the following security researchers and companies whom have worked with us to keep Compose as secure as possible by finding, fixing, and responsibly disclosing security flaws: