Security
Security at InstaLaw.
Find a bug? Tell us. We'll fix it and credit you. Our users are people fighting tariff overcharges and blowing whistles — they trust us with words they can't take back.
Our submission form. Takes a few minutes, lands in the security inbox.
Safe harbor, SLAs, and what to expect from us after you submit.
Targets we want tested, and the ones that are explicitly off limits.
Researchers who found something real and let us fix it first.
How the product is built, what we already do, and where we want eyes.
About bounties
We don't pay cash bounties yet — we're early stage and haven't raised for one. What we can offer: public credit on the Hall of fame, fast triage, and a genuine thank-you. When the money is there, we'll launch a real program.
Direct contact
Urgent or don't want to use the form? security@instalaw.io. Goes to the same place. If you want PGP, ask in your first email and we'll send a key.