Deed takes the security of our users seriously. We follow industry standards and are compliant with local regulation and security frameworks. For more information on these, see our Trust and Compliance page.

We want to work with members of the broader internet ecosystem to ensure a high-level of safety for all internet users, and we are always looking for feedback and reports of potential security vulnerabilities.

Reporting Potential Vulnerabilities

If you believe you have found a vulnerability in our system, please send us an email at

Our bug bounty program does not have payouts because we don't believe in exploiting unpaid labor for unspecified payments. We make the choice to pay pentesters. However, to show our thanks if you find a vulnerability, we can send you some Deed swag and put you in our Security Hall of Fame.

Things to include in your vulnerability report are:

  • Steps to reproduce the vulnerability or a proof of concept of an attack
  • How you discovered vulnerability in the first place
  • Any impacted URLs or user accounts

Parts of the application that are out of scope for acceptance into the Hall of Fame are:

  • E-mail related vulnerabilities including but not limited to SPF records, DMARC records, and DKIM configuration

Ethical Hacking

If you are going to engage in security research on our product, we ask the following of you:

  • Do not test against genuine user accounts. Always create your own.
  • Do not test how far you can get once breaching the app. Achieving privilege escalation or RCE is sufficient to demonstrate the vulnerability. The Deed security team will investigate the consequences of the vulnerability ourselves.
  • Do not disclose the vulnerability publicly. This can harm end users. We will patch the vulnerability and notify you when you can publish your findings.

Security Hall of Fame

As part of our bug bounty program, we want to publicly acknowledge the researchers who have found vulnerabilities and responsibly disclosed them to us.

(The Hall of Fame is empty at the moment, so poke around our app and become the first.)