Report a Security Issue
If you have discovered a security vulnerability, privacy concern, or any issue that may affect the security of WAYSCloud services or customer data, we encourage you to report it directly.
We take all reports seriously and will not take legal action against anyone who reports in good faith and follows responsible disclosure practices.
Security Inbox
RSA-4096 — Vulnerability reports, security disclosures
Active since Mar 2026, expires Mar 2031
Encrypted Report Form
Your message is encrypted in your browser using our PGP public key before submission. Only our security team can read it.
What to Include
- Description of the vulnerability or concern
- Steps to reproduce (if applicable)
- Affected service, URL, or endpoint
- Potential impact as you understand it
- Your contact information (for follow-up)
What to Expect
- Acknowledgment within 2 business days
- Initial assessment and severity classification
- Regular updates until the issue is resolved
- Credit in our Trust Center report, if you wish
Responsible Disclosure
We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to address it. We commit to working with you openly and resolving issues promptly.
If the issue results in a published Trust Center report, we will reference the disclosure appropriately unless you prefer to remain anonymous.
For more about our security practices, see the WAYSCloud Security page.