Security Policy

Our Security

As you would expect for a service providing security tools, we take security seriously ourselves. We use separate environments for development, staging and production. All data is stored in the cloud, in datacenters managed by AWS and secured to standards including SOC 1/SSAE 16/ISAE 3402, SOC 2, SOC 3 and ISO 9001 / ISO 27001. Access to production and related systems is secured by two-factor authentication.

Your Security

Sign in to our service is by confirmation email only. We take steps to secure your account by pinning your log-in to your IP address and browser fingerprint, limiting the duration of session and sign-in tokens, and limiting the number of simultaneous sessions, but the security of your account is still your responsibility. Anyone with access to read your email will have access to your account.

Reporting Security Issues

You may report potential security issues to contact@traitorbird.com. We regret that we cannot offer payment for security reports, however we appreciate your diligence in reporting issues to us, and we will provide credit on this page for reports of serious issues.

Please include a description of the problem, and a proof of concept or steps necessary to reproduce the issue in any report.