# Security

{% hint style="info" %}
Security is one of the biggest considerations in everything we do. If you have any questions after reading this, or encounter any issues, please [let us know](mailto:security@opencollective.com).
{% endhint %}

## Vulnerability disclosure and reward program

We believe that no technology is perfect and that working with skilled security researchers is crucial in identifying weaknesses. Our bounty program is a way to reward the security researchers that help us with this task. We also publish [postmortems](https://github.com/opencollective/opencollective/tree/main/postmortem) to document issues once they are fixed.

If you believe you’ve discovered a bug in Open Collective’s security, please get in touch at <security@opencollective.com>. We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by Open Collective.

We investigate legitimate reports and make every effort to quickly resolve vulnerabilities. To encourage responsible reporting, we will not take legal action against researchers nor ask law enforcement to investigate them, provided they comply with [our security policy](https://github.com/opencollective/opencollective/blob/main/SECURITY.md) and, more generally, with the following guideline: make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.

To learn more, see our [security bounty policy](https://github.com/opencollective/opencollective/blob/main/SECURITY.md).

## Payments security

### Credit cards

Open Collective doesn't store credit card numbers. Instead, we rely on our partner [Stripe](https://stripe.com), a secure solution that is widely adopted by the industry. If our systems are compromised, we can't lose your credit card number because we simply don't have it.

[Learn more](https://stripe.com/docs/security/stripe) about Stripe's security.

## Login system

According to [Auth0](https://auth0.com/blog/is-passwordless-authentication-more-secure-than-passwords/):

> Passwordless authentication, by its nature, eliminates the problem of using an unsafe password. This means that one of the biggest user errors is taken out of your login. Not only is passwordless authentication safe to use, it might even be safer than a traditional username + password login.

[Learn more](https://docs.opencollective.com/help/product/log-in-system#about-security) about our login system.


