Security Vulnerability Disclosure Policy
At Cactus, we take the security and privacy of our users, customers, and partners seriously.
We welcome responsible disclosure of security vulnerabilities that may affect our services,
websites or systems.
Reporting a Security Vulnerability
If you believe you have discovered a security vulnerability, please report it to:
[email protected]
When submitting a report, please include:
- A clear description of the vulnerability.
- The affected system, application, or URL.
- Steps to reproduce the issue.
- Any supporting evidence, such as screenshots, logs, or proof-of-concept code.
- Your contact information in case we need additional details.
Our Process
Once a report is received, we will:
- Acknowledge receipt of the report.
- Review and assess the reported issue.
- Investigate and validate the vulnerability.
- Take appropriate remediation measures where necessary.
- Communicate with the reporter regarding the status of the report when appropriate.
Responsible Reporting Expectations
We ask security researchers to:
- Act in good faith and avoid actions that could harm users, systems, or data.
- Respect the privacy and confidentiality of any information encountered.
- Avoid accessing, modifying, or deleting data that does not belong to you.
- Refrain from disrupting services, degrading performance, or impacting availability.
- Not exploit vulnerabilities beyond what is reasonably necessary to demonstrate their existence.
- Comply with all applicable laws and regulations.
Privacy
Any personal data submitted as part of a vulnerability report will be processed
in accordance with Cactus’s Privacy Policy.
Bug Bounty Program
Cactus does not currently operate a bug bounty program and does not provide
monetary rewards for vulnerability reports.
We appreciate the efforts of security researchers and responsible reporters
who help us improve the security of our products and services.
LAST UPDATE: June 10, 2026