Security

Report any concerns to our Security Desk

If you encounter any suspicious or unusual activity, such as an unexpected email, in relation to Spotcap products and services, please contact us immediately. You can email us at security@spotcap.com.

We protect your information with encryption

Information that you enter on our website is encrypted when it leaves your computer, protecting it as it transfers into Spotcap’s systems. Encryption converts information from readable form into a sequence of code that’s almost impossible for anyone to decipher. We use some of the strongest forms of encryption that are commercially available.

For peace of mind, during any transaction, look for the closed padlock symbol on your browser, which shows that encryption is being used on the website you are looking at. Secure websites also start their address with “https://”, with the ‘s’ indicating that it is secure.

We keep our security up-to-date

Our website and other products are regularly reviewed by independent security professionals. The review methodology is in line with best practice as set out by OWASP (Open Web Applications Security Project), a widely recognised body that provides security guidance on web applications to both commercial and government organisations.

Spotcap is rolling out a bug bounty program, as another layer to our online security. If you believe you have discovered a vulnerability in our systems, please contact our Security Desk by emailing security@spotcap.com. We offer cash rewards to encourage security researchers to inform us about bugs or vulnerabilities, so that we can fix them long before any damage is done. Rewards can start from $50 or more depending on the type of bug and the amount of time spent.

We know that public disclosure of vulnerabilities can be an essential part of the vulnerability disclosure process and that one of the best ways to make software better is to enable everyone to learn from each other’s mistakes. At the same time, we believe that disclosure in the absence of a readily available patch tends to increase risk rather than reduce it, and so we ask that you refrain from sharing their report with others while Spotcap is working on the patch.