Voluntary Disclosure Policy

We take security seriously and welcome the contribution of external security researchers to help us ensure the security and privacy of our users. Please review the following policy before you disclose a potential security vulnerability.

Reporting a Security Vulnerability

If you discover a security issue or vulnerability in a User Interviews service, we ask that you report this to us confidentially by emailing security@userinterviews.com.

Please provide as many relevant details as you can, such as:

  • How the vulnerability can be exploited and the potential impact
  • How you discovered the vulnerability and clear steps to reproduce
  • Any proof of concept attack and/or images showing the attack vector
  • Any known patches or controls to mitigate the vulnerability

If you wish to be recognized in our Hall of Fame, please also provide your name/handle and a link for recognition (e.g., LinkedIn, Twitter, or personal website). See the “Recognition” section below for additional information.

Requirements and Exclusions 

As long as you adhere to the following parameters when reporting an issue to us, we will not pursue or support any legal action related to your research. 

Requirements:
  • Do not access, destroy, or negatively impact User Interviews’ or its users’ data in any way.
  • Do not use automated scanners. The use of automated scanners may result in investigative action and your IP address being blocked.
  • Make every effort to avoid privacy violations and interruption or degradation of User Interviews’ services during your research.
  • Do not conduct any type of physical or electronic attack against User Interviews’ personnel.
  • Do not violate any laws or breach any prior agreements.
  • Keep information about any vulnerabilities you’ve discovered confidential until we’ve had 90 days to investigate your report and carry out any necessary remediation.
In Scope:
  • *.userinterviews.com
Out of Scope:
  • Findings from applications or systems not in scope
  • Findings that do not demonstrate a security impact to a site or application in scope
  • Any services hosted by third-party providers and third-party services
  • Findings derived primarily from social engineering (e.g., phishing, vishing)
  • UI and UX bugs and spelling mistakes
  • Network-level Denial of Service (DoS/DDoS) vulnerabilities
Things we do not want to receive:
  • Personally identifiable information (PII)
  • Financial account information (e.g., bank account number, credit card holder data)
Recognition 

We do not currently have a bug bounty program in place but will update this page with relevant information if one is instituted. In addition, we are happy to recognize your contribution in our Security Hall of Fame below if you provide your name/handle and a link for recognition.


We reserve the right to only credit researchers who have reported an issue that is proven and of sufficient severity.

Hall of Fame 

A special thanks to the following people who have responsibly disclosed vulnerabilities to User Interviews:

This could be you!

Talk to users today. Seriously, we're fast.

Sign up freeBook a demo
the UI icon in an illustrated group of moving lines that resembles a comet
Product
RecruitResearch HubPricingIntegrations & APIsPanel ReportsSecurityRelease Notes🌟 Get a Demo
Researcher Resources
Help CenterUser Interviews AcademyField GuideBlogPodcastLaunch KitsEventsFree Research TemplatesIncentive CalculatorSubscribe to our newsletter
LinkedIn social iconFacebook social icon
Participant Resources
Help CenterBrowse All StudiesFocus Groups StudiesDiary StudiesInterviews StudiesUser Tests & SurveysRefer a Participant
Facebook social icon
Company
About UsCase StudiesPartnershipsCareers
Compare
User Interviews vs. UserTestingUser Interviews vs. UserZoomUser Interviews vs. Respondent
© 2025 User Interviews Inc.  All rights reserved.
Researcher Terms | Participant Terms | Privacy Policy | CA Privacy Notice