---

Security at Reflective

We take security and our customer's data seriously. We follow best practices around encryption, access control, software patching, and vunerability detection. We also welcome any feedback, concerns, or questions you have.

If you believe you have found an issue or would like to disclose an issue, email us at security@reflective.co.

Disclosure Policy

Any findings and disclosures must:

1. Not disrupt or impact site health and performance while evaluating.
2. Not be disclosed publicly until we have been given time to mitigate the issues.
3. Be encrypted if contains any sensitive data.
4. Sent to security@reflective.co with categorization and any proof of concept.

Reflective will:

1. Respond within 72 hours of disclosure.
2. Mitigate findings and work with researcher to understand impact.
3. Provide public disclosure of incident and accredit researcher for finding the issue.
4. Disclosure to users vulnerability and it's impact to their data.

We do not have a bug bounty at this time.

Keys

• Encryption
• Signature

Disclosures

None at this time.