Security

Security Vulnerability Disclosure

Basis is committed to the security of our products and the safety of our consumers.

How to Report a Security Vulnerability

If you discover a security vulnerability in any Basis product or service, we want to hear from you. We take security issues seriously and appreciate responsible disclosure.

Contact Us

• security@wearebasis.com
• If your report contains sensitive data (e.g., PII, credentials), please encrypt your email using our PGP Key (https://www.wearebasis.com/.well-known/pgp-key.txt).
• We will acknowledge your report within 48 hours.

What to Include

• Description of the vulnerability
• Affected product and version
• Steps to reproduce (if known)
• Do not include sensitive customer data in your initial report.

Guidelines & Exclusions (Out of Scope)

To remain in good standing, you must NOT:

• Perform Denial of Service (DoS or DDoS) attacks
• Use Social Engineering (e.g., phishing) against our employees or customers
• Attack physical security of our offices or infrastructure
• Use automated scanners that degrade service performance

Safe Harbor

Basis will not pursue legal action against researchers who:

• Report vulnerabilities solely through the contact channel above
• Do not access, view, or modify customer data (use your own test accounts)
• Act in good faith and adhere to these guidelines

Last Updated: February 2026