At TopK, the security of our systems and the privacy of our users are top priorities. We appreciate the efforts of security researchers and are committed to working with the community to identify and resolve vulnerabilities quickly and responsibly.
If you believe you've discovered a security vulnerability in any of our systems, please report it to us at security@topk.io or follow the reporting guidelines outlined below.
For information about our security compliance and certifications, please visit our Trust Center to learn about our SOC 2 compliance and other security measures.
The following systems and services are eligible for our bug bounty program:
console.topk.io, api.topk.io)The following are not eligible:
Please include the following when reporting:
Send all vulnerability reports to security@topk.io.
We acknowledge all reports as soon as possible — usually within a few business days. The timeline for resolution may vary depending on the complexity and severity of the issue.
We will keep you informed throughout the process and notify you once the vulnerability has been addressed.
TopK offers monetary rewards for eligible and high-impact findings that are responsibly disclosed in accordance with this policy. Reward amounts are determined at our discretion based on severity, exploitability, and overall impact.
We are committed to providing a safe and respectful process for security researchers. We will not pursue legal action against individuals who:
Thank you for helping us keep TopK secure.