Simple Finance Technology Corp., the creator of Simple, meets all industry standards to safeguard your data. We use a variety of methods to secure our network and servers as well as our software and web applications. Our data retention and business continuity plans are comprehensive and our employees maintain organizational security measures designed to keep your data safe.
Simple understands the devotion and effort that security work requires. As such, we encourage (and reward) the responsible disclosure of any vulnerabilities to us. Responsible disclosure means:
Vulnerabilities that are "responsibly disclosed" according to the above process are welcomed. Simple will not seek to bring legal action against any person who adheres to this process of responsible disclosure. Additionally, severe vulnerabilities are eligible for a vulnerability reward.
Simple uses Bugcrowd to manage vulnerability submissions and for reward distribution. For more details about the scope and terms of our program, go to https://bugcrowd.com/simple and sign up as a tester. If you have identified a vulnerability, please report it via Bugcrowd to be eligible for a reward.
You may also contact us with any security concerns, or security suggestions at firstname.lastname@example.org. All security-related emails that are signed with Simple Security's official key (if you are using GPG and have imported our public key) may be verified using `gpg --verify`.
The Simple Security team's official GPG key has an ID of `79FF66A9` and may be retrieved from public key servers using a command like: `gpg --recv-keys 79FF66A9`. If you are able, please use that key to encrypt any messages regarding security sent to Simple. The fingerprint for that key is `E034 918A BA56 1DD0 6CAF 46D8 C472 1EA0 79FF 66A9`.
The following researchers have submitted reports to Simple that have contributed to the continuing security of Simple's services and we would like to gratefully acknowledge their efforts.
Get the smarter way to save and spend.