Security
A reference about our practices and policies to ensure security and privacy across our services.
Last updated
Was this helpful?
A reference about our practices and policies to ensure security and privacy across our services.
Last updated
Was this helpful?
We believe that no technology is perfect and that working with skilled security researchers is crucial in identifying weaknesses. Our bounty program is a way to reward the security researchers that help us with this task. We also publish to document issues once they are fixed.
If you believe you’ve discovered a bug in Open Collective’s security, please get in touch at . We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by Open Collective.
We investigate legitimate reports and make every effort to quickly resolve vulnerabilities. To encourage responsible reporting, we will not take legal action against researchers nor ask law enforcement to investigate them providing they comply with and more generally with the following guideline: Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
To learn more, see our .
Open Collective doesn't store any credit card number, we're instead relying on our partner - a secure solution that is widely adopted by the industry. If our systems are compromised, we can't lose your credit card number because we simply don't have it.
about Stripe's security.
According to :
Passwordless authentication, by its nature, eliminates the problem of using an unsafe password. This means that one of the biggest user errors is taken out of your login. Not only is passwordless authentication safe to use, it might even be safer than a traditional username + password login.
about our login system.