If you believe you've found a security vulnerability in the Privy platform, please let us know. To report a security vulnerability securely, please email the report to
All valid reports will be investigated and receive a reply.
You can encrypt communications with the team using our PGP key. The key fingerprint is: 8099 E9C3 A8D2 5E6E 5751 198F EBD4 0FAD 1208 7DBA
While Privy does not participate in a formal bug bounty program, we award tokens of our appreciation for original, valid, responsibly disclosed security bugs.
Bounties are awarded and sent at our discretion and paid out via PayPal.
Please note that Privy does not consider the following to be security vulnerabilities:
- These allow merchants to run arbitrary browser code by design.
- Information disclosure issues related to campaign assets, or discount codes.
- Privy makes no guarantee of privacy regarding merchant-provided assets (graphics, images, pdfs). Privy makes no guarantee that only intended recipients receive discount codes.