1. Introduction

At Work Pilots, we take security seriously and appreciate the efforts of ethical hackers and security researchers who help improve our security posture. If you believe you have discovered a security vulnerability in our systems, we encourage you to report it to us responsibly.

2. Scope

This policy applies to:

• All WorkPilots domains for example *.workpilots.com, *.workpilots.fi and our mobile apps

3. Reporting a Vulnerability

If you believe you have found a security vulnerability, please email us at info@workpilots.com with the following details:

• A clear description of the vulnerability.
• Steps to reproduce the issue (proof-of-concept if possible).
• Any potential security impact.
• Your contact information.

Please do NOT:

• Perform any activity that could disrupt our services (e.g., DDoS attacks).
• Use exploits to access, modify, or extract data beyond what is necessary for proof-of-concept.
• Disclose vulnerabilities publicly before we have had a reasonable time to investigate and address them.

4. Our Commitment

• We will acknowledge your report as soon as possible.
• We will investigate and aim to fix valid vulnerabilities in a timely manner.

5. No Compensation Policy 

At this time, we do not offer a paid bug bounty program. However, we appreciate responsible disclosures.

6. Legal Considerations

By submitting a vulnerability report, you agree to act in good faith and abide by this policy. We will not take legal action against people who follow responsible disclosure principles and act within the guidelines of this policy.