Responsible Disclosure Statement

Bureau Works takes security and privacy very seriously for our users, our products and our staff. If you have discovered a vulnerability in our products, websites or support infrastructure, we encourage your help in mitigation by disclosing it to us in a responsible manner.

Bureau Works will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Statement. A reported vulnerability will be validated, cataloged and addressed in accordance with our posted commitments to security and privacy, as well as our other internal practices.

If you are the first to report a specific vulnerability and include detailed information sufficient to reproduce that vulnerability in your initial report, there may be a reward available for the research effort.

Bureau Works will contact you if, at Bureau Works’s sole discretion, a reward is to be granted. Bureau Works assumes no obligation to further communication once a report is submitted.

Bureau Works will not take legal action against, suspend, or terminate access to the platform for those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Statement.

Bureau Works reserves all legal rights in the event of any noncompliance with the following guidelines:

  • Do not disclose a bug or vulnerability into the public domain, without written consent from Bureau Works.
  • If a vulnerability is discovered, you are not authorized to exploit the vulnerability to compromise or expose any data. Additionally, you are not authorized to access, view, modify, delete, copy, capture or share any data exposed by the vulnerability.
  • Do not perform DDOS / spam attacks or degrade services in any way
  • Do not use scanners or automated tools to find vulnerabilities.
  • Do not install programs, scripts, malware on any Bureau Works resource, or use the resources to control or distribute the same.
  • Never perform phishing, social engineering or physical attacks against our users, employees, or infrastructure.
  • Do not engage in any activities that violate applicable laws.

How to Report an Issue

If you believe you have discovered a vulnerability, please contact