Responsible Disclosure

The Sideways 6 Vulnerability Disclosure Programme

At Sideways 6, we deal in ideas and information. That's why ensuring our customers can fully rely on us to protect their data is of paramount importance to us. If you are a security researcher and you have discovered a security vulnerability in the Sideways 6 platform, on our public website, or elsewhere, we would like to ask you to tell us about it in a responsible way.

Our promise is simple - if you are a security researcher and you report a vulnerability in good faith and in accordance with this policy, we will validate it and address it. We will not take legal action against you or penalise you in any way if you help us in this way. However, breaking this policy is not a good idea - we reserve all legal rights in case of non-compliance.

Reporting

We encourage security researchers to submit the details of any suspected vulnerabilities to our Information Security Team via the form at the bottom of this page. We will review your submission, verify that it's indeed a real vulnerability that needs to be addressed, and check that it hasn't been reported previously. Your submission will need to include full details of the issue and how to reproduce it.

We don't operate a bug bounty programme, but if you help us by informing us about a real security issue, we will do our best to get you some of our S6 merch, or maybe even an Idea Beer.

Our Commitment

If you find and report a real security vulnerability in accordance with this policy, we promise to work with you to understand and validate the issue. We will triage it and either address it, if we see that as appropriate, or inform you that we aren't going to. Once you've reported a vulnerability, we'll try to respond within two weeks.

Non-compliance

Please don't publicly disclose any details of the vulnerability you've identified without our written consent - that would constitute non-compliance with this policy. In the process of finding, validating, reporting, communicating about or doing anything at all about the issue, you're not allowed to do the following things - that would also make you non-compliant:

  • Don't access, download, change, or delete data in or whilst using someone else's account
  • Don't try (or succeed) to DDoS us or do any other kind of Denial of Service attack
  • Don't upload, send, store, or link to any malicious software
  • Don't use social engineering to expose non-technical vulnerabilities
  • Don't test things in a way that can be seen as spam or other kinds of unsolicited mass messaging
  • Don't test things in a way that would break or slow down our systems for others
  • Don't break the conditions or policies of other apps, services, or websites that we integrate or connect with
  • Don't do anything illegal or share confidential info with third parties, especially personal data

Vulnerability Reporting

Please fill in the form below to report a security vulnerability: