Welcome and thank you for helping us keep EveryTransfer safe and secure. We appreciate your interest in reporting potential security vulnerabilities responsibly.
1. Purpose
We place high importance on the security of our systems and users. Despite our efforts, there may be vulnerabilities in our services. If you discover a possible security weakness in our platforms, we invite you to report it so we can address it promptly.
2. Scope – What is in scope
The following services are considered within scope for responsible disclosure:
- The EveryTransfer.com web application and its associated services.
- Any iOS or Android mobile applications that we officially publish.
- APIs or backend services that are part of our platform and publicly exposed or accessible by users.
3. Scope – What is out of scope
The following are not in scope for this policy:
- Services or applications we do not control (e.g., third-party integrations, browser extensions built by others).
- Physical security, social engineering attacks, or denial-of-service (DoS) style attacks.
- Research or testing that affects non-production environments, staging systems, or test versions not accessible by general users.
- Spam, phishing or other abusive activity not directly tied to a technical vulnerability.
7. Legal & Limitations
- This policy does not allow access to our systems in ways that are illegal or against our terms of service.
- If you breach applicable law or this policy’s guidelines, we reserve the right to pursue legal action.
- The policy applies only to the systems and scope defined above; other systems not clearly listed are not covered.
8. Changes to This Policy
We may modify or withdraw this policy at any time. Such changes apply to submissions after the change becomes effective.
9. Contact
If you have questions or wish to make a submission, please reach out to:
Email: support[at]everytransfer.com
Website: https://everytransfer.com