Security

Thriva has achieved and maintains an ISO 27001 certification, the international standard for managing information security.

Thriva encourages anyone who believes they have found a security bug or vulnerability in any of the applications or services we create or use to report it to infosec@thriva.co.

When investigating and reporting an issue, please:

• Include as much detail as possible such as: website, IP or page where the vulnerability can be observed; a brief description of the type of vulnerability; steps to reproduce the issue
• Comply with applicable laws and regulations
• Do not attempt to modify any data or access personal data of our customers
• Do not use any tools or take any actions that are likely to impact the availability or integrity of our services
• Do not share the vulnerability information beyond Thriva, without Thriva's written consent

Thriva values the expertise and effort of those who take the time to report vulnerabilities. Thriva will respond to anyone who has submitted a valid report. You are welcome to ask about the status of a vulnerability report.

At this time, Thriva does not operate a bug bounty programme or provide monetary rewards for vulnerability disclosures.