Vulnerability Disclosure Program

Vulnerabilities may be reported by emailing We are extremely receptive and thankful of any contribution in this regard. 

3rd party security research companies are given permission scan any aspect of the system such as endpoints, urls, ports, files forms and http methods – providing a canning rate limit of no more than 1 request for every 2 seconds is followed. Email to request a higher scan rate.

We are serious about keeping our system secure. We developed FollowUpThen and related services using security best practices and regularly scan our system using Detectify.  Depending on the nature of your discovery, we can offer to you a free year subscription to a FollowUpThen premium account, and the possibility of future contract to work with us to improve the security of FollowUpThen and our related systems.

If you employ an automated scanner, please throttle http requests to no more than one every two seconds. Please do not attempt DOS attacks. Use only your FollowUpThen account for testing.

Please send your findings to