Security

Deed takes the security of our users seriously. We follow industry standards and are compliant with local regulation and security frameworks. For more information on these, see our Trust and Compliance page.

We want to work with members of the broader internet ecosystem to ensure a high-level of safety for all internet users, and we are always looking for feedback and reports of potential security vulnerabilities.

Reporting Potential Vulnerabilities

If you believe you have found a vulnerability in our system, please send us an email at security@joindeed.com.

Our bug bounty program does not have payouts because we don't believe in exploiting unpaid labor for unspecified payments. We make the choice to pay pentesters. However, to show our thanks if you find a vulnerability, we can send you some Deed swag and put you in our Security Hall of Fame.

Things to include in your vulnerability report are:

  • Steps to reproduce the vulnerability or a proof of concept of an attack
  • How you discovered vulnerability in the first place
  • Any impacted URLs or user accounts

Parts of the application that are out of scope for acceptance into the Hall of Fame are:

  • E-mail related vulnerabilities including but not limited to SPF records, DMARC records, and DKIM configuration

Ethical Hacking

If you are going to engage in security research on our product, we ask the following of you:

  • Do not test against genuine user accounts. Always create your own.
  • Do not test how far you can get once breaching the app. Achieving privilege escalation or RCE is sufficient to demonstrate the vulnerability. The Deed security team will investigate the consequences of the vulnerability ourselves.
  • Do not disclose the vulnerability publicly. This can harm end users. We will patch the vulnerability and notify you when you can publish your findings.

Security Hall of Fame

As part of our bug bounty program, we want to publicly acknowledge the researchers who have found vulnerabilities and responsibly disclosed them to us.

(The Hall of Fame is empty at the moment, so poke around our app and become the first.)



PLATFORM
Employee GivingEmployee VolunteeringEmployee EngagementReporting & AnalyticsDeed Communities for DEIBSlack AppTrust & ComplianceSecurityFor NonprofitsIntegrations
RESOURCES
ToolkitsMediaBlogBrand Book + Press Kit
BlogToolkitsMediaPress
COMPANY
Why Deed?Our ValuesHow Deed Got StartedMeet the TeamCareers
REQUEST A DEMO
San Francisco, 88 Kearny St.
Berlin, Skalitzer Strasse 104
NYC, 185 Wythe Ave.
2023 ᄅ Go Deed Inc. - All Rights Reserved
Privacy Policy
Terms of Use
Data Privacy
PLATFORM
Employee GivingEmployee VolunteeringEmployee EngagementReporting & AnalyticsDeed Communities for DEIBSlack AppTrust & ComplianceSecurityFor NonprofitsIntegrations
RESOURCES
ToolkitsMediaBlogBrand Book + Press Kit
BlogToolkitsMediaPress
COMPANY
Why Deed?Our ValuesHow Deed Got StartedMeet the TeamCareers
REQUEST A DEMO
San Francisco, 88 Kearny St.
Berlin, Skalitzer Strasse 104
NYC, 185 Wythe Ave.
2023 ᄅ Go Deed Inc. - All Rights Reserved
Privacy Policy
Terms of Use
Data Privacy