Trust, Safety & Security Last update 1 year ago

Responsible Disclosure of Security Vulnerabilities


At Workfyx, we take security seriously and make all reasonable efforts to protect your data while visiting our site. It can be difficult to stay on top of web security developments, because both new and old products might develop flaws. In particular, the highly technical freelancers on Workfyx are part of a fantastic community of extremely skilled users. When people discover a security hole, we want to hear about it as soon as possible.


Personal Details


Privacy is important to Workfyx. We will never sell or give away your private information, and we take the security of your data very seriously.


Safe Payments


The Workfyx platform handles all financial transactions. We take care of all the technicalities and keep your information safe, whether a customer pays with a credit card, PayPal, or another method. As a Level 1 PCI-DSS service provider, Fiverr is dedicated to the highest levels of security.


Secure Communications


Our encrypted messaging system allows you to privately communicate and share files with any client on Workfyx.


Please submit vulnerabilities to:


security-reporting@workfyx.com


Only security related submissions will be considered. If you wish to encrypt your submission please use the following PGP key.

If you require site-related support please visit the Customer Support Page.


Do not engage in malicious activity


Examples include denial of service, viewing another user's private data or modifying data without authorization.


Guidelines


Workfyx values the contributions of researchers who help keep our platform safe. Researchers who responsibly disclose vulnerabilities in accordance with these principles will not be subject to private legal action or public investigation on our part:


  • is immediately reported to Workfyx via the above email.
  • has not been published anywhere.
  • it is hosted on a Freelancer-owned domain (such *.workfyx.com).
  • it can be confirmed by our security team.


Please include the following information in your submission:


  • proof of concept, demonstration of the flaw, or proof of vulnerability
  • a comprehensive set of instructions on how to exploit the flaw
  • a valid email address where we can reach you recognition

The security team reserves the right to offer the following incentives for particularly significant vulnerabilities:


  • researcher's name or company's name added to the Security Hall of Fame; researcher's
  • Workfyx.com account receives a White Hat badge (shown below).