Responsible Disclosure Policy

Please email security@team.casa to report any security vulnerabilities. We will acknowledge receipt of your vulnerability report as soon as possible and strive to send you regular updates about our progress. If you’re curious about the status of your disclosure, please feel free to email us again. If you want to encrypt your disclosure email, you may download our key from the OpenPGP key server, find it below, or email us to have it sent to you.

Once a vulnerability is fully investigated and its content addressed, we will work with you to disclose the vulnerability in a way that acknowledges your work and protects our customers.

How to Report a Vulnerability

To help us evaluate and respond to your vulnerability report as quickly as possible, please make sure it includes the following information:

  • Impacted product, with version, build, and OS information if relevant
  • Type of vulnerability
  • Steps to reproduce
  • Evidence supporting the report, e.g. screenshots, console output, etc.

Safe Harbor Terms

To encourage research and responsible disclosure of security vulnerabilities, we will not pursue civil or criminal action, or send notice to law enforcement for accidental or good faith violations of the Casa Terms of Service (“the policy”). We consider security research and vulnerability disclosure activities conducted consistent with this policy to be “authorized” conduct under the Computer Fraud and Abuse Act, the DMCA, and other applicable computer use laws.

Please understand that if your security research involves the networks, systems, information, applications, products, or services of a third party (which is not us), we cannot bind that third party, and they may pursue legal action or law enforcement notice. We cannot and do not authorize security research in the name of other entities, and cannot in any way offer to defend, indemnify, or otherwise protect you from any third party action based on your actions.

You are expected, as always, to comply with all laws applicable to you, and not to disrupt or compromise any data belonging to other users.

Please contact us before engaging in conduct that may be inconsistent with or unaddressed by this policy. We reserve the sole right to make the determination of whether a violation of this policy is accidental or in good faith, and contacting us proactively before engaging in any action is a significant factor in that decision. If in doubt, ask us first!

Public GPG Key

  • Casa Security <security@team.casa>
  • ID: 822CEA50DFA9B997
  • Fingerprint: B638 4E40 AE48 69EF 9785 7DBF 822C EA50 DFA9 B997

