Vulnerability Disclosure Policy

Security at Juni

Written by Giuseppe Leoni
Updated over 7 months ago

Security is a top priority at Juni. We manage financial data that is strictly confidential to our customers, and we take that responsibility very seriously.

If you’ve discovered a vulnerability that may in some way compromise the confidentiality, integrity, or availability of our systems, please report it to us as soon as possible so we can take appropriate action.

How do I report a bug to you?

Easy! Send an email to security@juni.co.


Do I get a bug bounty?

We’re not offering bug bounties at present.

What should I include in the report?

For us to be able to analyse and confirm your finding in the quickest way possible, we ask you to include the following in your report:

  • Concrete steps we can follow to reproduce your finding. Be as clear and detailed as possible.

  • Information about what platform/service/exposed resources are affected. This means IP addresses, domain names, URLs, version numbers, and other details that might be necessary for us to identify the affected resources.

  • Any other information to support your claim (e.g., logs, traces).

Please do

  • Let us know as soon as possible upon discovery of a potential security issue.

  • Provide us with a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.

  • Make a good-faith effort to avoid privacy violations and interruption or degradation of our service.

  • Respect the privacy of our customers. Only test using accounts you own or where you have explicit permission from the account holder.

Please don't 🚫

  • Break the law.

  • Test third-party services not owned by Juni, such as anything registered as juni.{thirdpartydomain}.com.

  • Modify, copy, or remove any Juni data.

  • Perform any of the attacks listed below:

    • Denial of Service

    • Spamming

    • Social engineering (including phishing) of Juni staff, contractors, or customers

  • Access or make changes to customer accounts.

  • Perform any lateral movement or post-exploitation within Juni infrastructure.

Some words on public disclosure

Public disclosure of any vulnerability (e.g., through social media or the press) can put our community at risk, so please make sure you keep this confidential. All disclosures should be made in accordance with our Responsible Disclosure Policy so that we can focus on resolving any issues as soon as possible. We reserve the right to take legal action or withhold potential rewards if this is not followed.
