Juni Technology

Security is a top priority at Juni. We manage financial data that is strictly confidential to our customers, and we take that responsibility very seriously. If you’ve discovered a vulnerability that may in some way compromise the confidentiality, integrity, or availability of our systems, please report it to us as soon as possible so we can take appropriate action.

Easy! Send an email to <a href="mailto:security@juni.co" rel="nofollow noopener noreferrer" target="_blank">security@juni.co</a>.

We’re not offering bug bounties at present.

What should I include in the report?

For us to be able to analyse and confirm your finding in the quickest way possible, we ask you to include the following in your report: 

Concrete steps we can follow to reproduce your finding. Be as clear and detailed as possible.

Information about what platform/service/exposed resources are affected. This means IP addresses, domain names, URLs, version numbers, and other details that might be necessary for us to identify the affected resources.

Any other information to support your claim (e.g., logs, traces).

- Concrete steps we can follow to reproduce your finding. Be as clear and detailed as possible.
- Information about what platform/service/exposed resources are affected. This means IP addresses, domain names, URLs, version numbers, and other details that might be necessary for us to identify the affected resources.
- Any other information to support your claim (e.g., logs, traces).

Let us know as soon as possible upon discovery of a potential security issue.

Provide us with a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.

Make a good faith effort to avoid privacy violations and interruption or service degradation of our service.

Respect the privacy of our customers. Only test using accounts you own or where you have explicit permission from the account holder.

- Let us know as soon as possible upon discovery of a potential security issue.
- Provide us with a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
- Make a good faith effort to avoid privacy violations and interruption or service degradation of our service.
- Respect the privacy of our customers. Only test using accounts you own or where you have explicit permission from the account holder.

Test third-party services not owned by Juni, such as anything registered as juni.{thirdpartydomain}.com.

- Denial of Service
- Spamming
- Social engineering (including phishing) of Juni staff, contractors, or customers

Access or make changes to customer accounts.

Do any lateral movement and post-exploitation within Juni infrastructure.

- Break the law.
- Test third-party services not owned by Juni, such as anything registered as juni.{thirdpartydomain}.com.
- Modify, copy, or remove any Juni data.
- Perform any of the attacks listed below:
  - Denial of Service
  - Spamming
  - Social engineering (including phishing) of Juni staff, contractors, or customers
- Access or make changes to customer accounts.
- Do any lateral movement and post-exploitation within Juni infrastructure.

Public disclosures of any vulnerabilities (e.g., through social media or the press) can put our community at risk, so please make sure you keep this confidential. All disclosures should be made in accordance with our Responsible Disclosure Policy so that we can focus on resolving any issues as soon as possible. We reserve our right to take legal action or withhold potential rewards if this is not followed.

How do I report a bug to you?

Do I get a bug bounty?

What should I include in the report?

Please do ✅

Please don't 🚫

Some words on public disclosure