Product security & responsible disclosure
Our commitment to security
At Planet, we take security seriously. We strive to protect our users and partners by continually improving the security of our products and services. We welcome collaboration with security researchers and the community to responsibly disclose vulnerabilities.
How to report a vulnerability
If you discover a potential security issue, we encourage you to report it to us responsibly. Please contact our security team at:
- Email: infosec@planetpayment.com
- PGP Key: Download (optional)
Your report should include:
- Product or service affected
- Type of vulnerability
- Step-by-step reproduction
- Potential impact
- Any recommended mitigations
Responsible disclosure guidelines
We will investigate legitimate reports and work to quickly correct any vulnerability. To help us resolve issues as quickly as possible, please do not publicly disclose any findings until we have confirmed and mitigated the vulnerability.
You can expect from us:
- Acknowledgment of your report within 3–5 business days
- Status updates as we investigate and resolve the issue
- Public recognition on our "Thank You" page
- No legal action for good-faith research efforts
To encourage responsible reporting, we will not take legal action provided you act in good faith and comply with these guidelines.
The following issues are considered out of scope for our program:
- Social engineering or phishing
- Denial of Service (DoS/DDoS) attacks
- Missing security headers without impact
- Use of outdated libraries without an exploit
- Rate-limiting or brute-force attacks
- Vulnerabilities in third-party services not owned by us