We take the security of our platform and our customers’ data seriously. We welcome reports of potential security vulnerabilities, even though we do not operate a formal bug bounty program at this time.
How to Report
- Email security@myturn.com
- Include a plain-text description of the issue and steps to reproduce.
- Do not send attachments or links unless requested.
- Include the specific URL(s) or system(s) affected.
Scope
- Reports should relate to myTurn’s production systems, applications, or services.
- Issues on third-party services we use (e.g., payment processors) should be reported directly to them.
What to Expect
- We will acknowledge receipt of your report, typically within 5 business days, likely much faster.
- We will investigate and address confirmed issues as quickly as possible.
- If you wish to be publicly credited, let us know — otherwise we will keep your report confidential.
Safe Harbor
We will not pursue legal action against researchers who:
- Report vulnerabilities in good faith;
- Avoid privacy violations, destruction of data, or service disruption;
- Comply with applicable laws.
No Bounty Program
We do not currently offer monetary rewards for vulnerability reports at this time.
Thank you for helping us keep myTurn secure.