Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Cookie preferences

Responsible Disclosure Program

Last updated: February 2nd 2023

Our program

At Awell, we are committed to ensuring the security of our information, systems and services and value the role of security researchers in helping us mitigate cybersecurity risk.

If you believe you have discovered a suspected cyber threat or security issue that affects the confidentiality, integrity or availability of Awell’s information, systems or services (“vulnerability”), please submit a report to our team via one of the methods below.

For the protection of our customers, we treat all information regarding a vulnerability as confidential and ask that you do not publicly disclose, discuss or confirm the details of any suspected security issues.

What's not allowed?

While we encourage security research on our products and services, the following types of research are strictly prohibited:

  • Accessing or attempting to access accounts or information you are not authorised to
  • Any attempt to modify or destroy information
  • Sending or attempting to send unsolicited or unauthorised email or other type of message
  • Conducting social engineering (including phishing) of Awell employees, contractors, customers or any other related party
  • Posting, transmitting, uploading, linking to, sending or storing malware that could impact our services, products or customers
  • Exfiltration, disclosure or use of any proprietary or confidential information or data of Awell (including customer data) under any circumstances
  • Clickjacking
  • Weak or insecure SSL ciphers and certificates
  • Any attempts of a Denial of service (DoS)
  • Any activity or attempt to gain unauthorised access to Awell software or systems in violation of law.

Awell does not waive any rights or claims with respect to such activities.

Reporting a security issue

You can responsibly disclose suspected vulnerabilities to the Awell Team by emailing security@awellhealth.com

To assist us in investigating your report, we recommend you follow the structure:

  • Affected product or service, including affected URL(s)
  • Your name and contact information (if you do not wish to provide your personal information, you may contact us anonymously, or by using a pseudonym)
  • Date, time and time zone of when the suspected vulnerability was discovered
  • IP address used when suspected vulnerability was discovered
  • Steps to reproduce the vulnerability

Next steps

Upon submitting your disclosure, you will receive confirmation that we’ve received it within 5 business days.

We will use the disclosure information you provide to enhance the security of our systems. We may also use the information in notifications to regulatory bodies, to comply with laws, and assist government or law enforcement agencies.

Privacy

If you have provided your personal information, we may contact you for more information to assist us with investigating your disclosure.

For more information about how we handle your personal information, you can refer to our privacy policy: https://www.awellhealth.com/privacy-policy.

Recognition

Awell does not compensate individuals or organisations for identifying potential or confirmed security vulnerabilities. However, we are very grateful for any submissions and are happy to provide a document crediting the individual or organisation for the discovery.

Build websites rapidly with over 100 interface blocks.