FormAssembly appreciates the role the security research community plays in encouraging and increasing Internet security. Since our customers entrust us with storing their data, the security of that data is our first priority. To that end, we encourage you to report any vulnerabilities you may find in our applications.

If you find a security vulnerability, please send an email at Please provide full details of the vulnerability so that we will be able to reproduce it. Additionally, please provide the IP address and/or the account information used to perform the tests against our system. Failure to provide this information will result in an invalid report. If you deem it necessary, please use our public key to encrypt the message. We accept reports of any kind against any of our resources. We look forward to working with you.

If you have any concern or question regarding the security of your own data on, please open a support request. To learn more about our service reliability and our operating procedures, please visit our service status site.


To qualify for an acknowledgment or bounty, a few guidelines must be followed.

First, the use of automated tests to identify bugs, flaws, or security risks is not permitted. Any use of automated tools will result in an invalid security report.

Second, you must avoid violating the privacy of other users, destruction of data, and interruption or degradation of service during your testing. If this provision is violated, you will be permanently disqualified from acknowledgments and future bug bounty programs and other additional recourse may be pursued if necessary.


We’d like to thank the following people for finding vulnerabilities in FormAssembly and for making responsible disclosures to us. These people provided information that helped solve a security issue, issues ranging from the trivial to the critical. All reports are accepted no matter how trivial the security issue may seem. And, by helping us fix the problem, you are providing an invaluable service worthy of acknowledgment. We thank you each of you for helping us strengthen FormAssembly’s security!


Hamid Ashraf
Lokesh Kumar


Ali Hasan Ghauri
Ajay Singh Negi, Prashant Negi, and Mahipal Singh Rajpurohit
Ashish Tikarye & Vishal Mandora
Bhuvanesh Dwivedi
Evan Ricafort
Faisal Ait Hamou
Garry Bacalso
Jaymark PestaƱo
Jayvardhan Singh (Two Reports)
Jerold Camacho
Jose Pino
KoF2002 & Sr33h4r!
Koutrouss Naddara
Lalith Rallabhandi
Madhu Akula
Mihir Mistry & Rakesh Singh
Monendra Sahu
Muhammad Talha Khan
Nakul Mohan
Nitin Goplani (Two Reports)
Ragini Gupta
Raja Kishore Kavi
Rafael Pablos
Roy Jansen
Sai Shanthan Palvai
Shahee Mirza
Salman Khan Champion
Simone Memoli
Sowmya V
Vaibhav Deshmukh
Yash Pandya


Yaroslav Olejnik