Ushahidi uses a variety of industry-standard technologies and services to secure your data from unauthorized access, disclosure, use, and loss. Security is directed by Ushahidi's Chief Technical Officer and maintained by our engineering team.
We take reasonable administrative, physical and electronic measures designed to protect the information that we collect from or about you (including your PII) from unauthorized access, use or disclosure. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.
If you would like to report a vulnerability or have any security concerns with an Ushahidi product, please contact [email protected].
If possible, include information needed to reproduce and validate the vulnerability, a proof of concept, a list of tools used (including versions), and the output of the tools. We take all disclosures very seriously. Once disclosures are received, we verify each vulnerability before taking the necessary steps to fix it. Once verified, we periodically send status updates as problems are fixed.
Ushahidi supports responsible disclosure practices. To encourage responsible reporting, we will not take legal action against you or ask law enforcement to investigate if you comply with the following Responsible Disclosure Guidelines:
Ushahidi would like to thank the following individuals for disclosing security issues to us