Responsible Disclosure


If you believe you’ve found a security vulnerability in the Twine application or our infrastructure, let us know by using the form below. Please provide as much information as possible about the potential flaw, how one might exploit it, and any other information to help us understand the nature and scope of the issue. We take security very seriously and investigate and respond to all reported vulnerabilities.

Please be respectful and don’t violate anyone’s privacy, interfere with anyone’s account, destroy any data or degrade our services. Please give us a reasonable amount of time to respond before publicly disclosing your findings.

If you’d like to encrypt communications with Twine, please use our PGP/GPG public key which can be found at our Keybase page. The fingerprint is EADC 85CC EC84 D495 6D92 91E1 9491 E353 A7BD C4FC.

We welcome any and all submissions, and appreciate your time and effort to help make Twine safer for everyone!

Help us understand the gist of the vulnerability with a quick summary.
We like BugCrowd's Vulnerability Rating Taxonomy ( for classifying the severity of security issues.
Describe the vulnerability, including the URL, and provide a proof of concept. How would you fix it?