At WorkUp Health, Inc., we take the security of our systems and customer data seriously. We welcome the contributions of security researchers and others who help us identify vulnerabilities responsibly.
How to Report
If you believe you’ve found a security vulnerability, please email us at:

security@workup.health

​

For anonymous reporting of policy violations, you may also use our Whistleblower Form.

 

Scope
Our Responsible Disclosure Program applies to:

• The WorkUp Health core platform

• Associated web applications

• Supporting infrastructure and integrations

​

Guidelines for Researchers
We will not pursue legal action against good-faith security researchers who:

• Test our systems without harming WorkUp Health or its customers

• Stay within the scope of this program

• Do not exfiltrate or abuse data

• Refrain from publicly disclosing vulnerabilities until we’ve had a chance to remediate them

​

What to Include in Your Report
To help us triage effectively, please provide:

• A clear description of the issue

• Steps to reproduce (proof-of-concept preferred)

• The potential impact

• Any suggested fixes

• Your disclosure timeline (if applicable)

​

What You Can Expect from Us

• Acknowledgment of your report within 2-3 business days

• Regular updates during our investigation

• Notification upon fix of the vulnerability

• Recognition for validated reports, if desired

​

Legal Safe Harbor
We authorize good-faith security research under this policy. Researchers who follow these rules will not be subject to legal action.