×
Freshbooks
Official App
Free – Google Play
Get it
Privacy and Security:

Responsible Disclosure of Security Vulnerabilities

FreshBooks is committed to the privacy, safety and security of our customers.

FreshBooks aims to keep its service safe for everyone, and data security is of the utmost priority. If you are a security researcher and have discovered a security vulnerability in our product, website, or service, we appreciate your help in disclosing it to us in a responsible manner.

If you are a current customer

If you feel your account may have been compromised, or if you suspect fraudulent behavior, do not hesitate to contact our support team. Your issue will be investigated immediately and thoroughly.

If you are a security researcher or have discovered a vulnerability

Reporting Issues

If you think you’ve found a security vulnerability in FreshBooks, contact us immediately via security@freshbooks.com (PGP Key).

PGP Key ID: 0x1D3189FA PGP Fingerprint: F95D 04F1 1B91 6B90 F4E5 BB6B B7A0 DA75 1D31 89FA

  • Please include as much information as possible in your report, including a way for us to reproduce the issue. “Proof-of-Concept” programs, tools, or test accounts that you’ve created are welcome.
  • Please do not make your research or findings public (or share them with anyone) until we have had a adequate time to investigate and deploy a fix. We will notify you when the security vulnerability has been patched.
  • Tell us how to identify you and your company (if applicable) so we may enshrine you in our Hall of Fame section below.

Permitted Research

“Whitehat” security researchers are welcome. Though grateful for your research and proactive disclosure, FreshBooks does not tolerate the following:

  • any attempt to access, modify or destroy a customer’s account or data
  • any attempt to interrupt or degrade the services offered by FreshBooks
  • any attempt to execute a “Denial of Service” attack
  • any research that involves a violation of any applicable law

Breaching the above in any way will result in contacting the relevant authorities.

When researching or investigating our service, please create your own accounts to test with. Do not attempt to “break in” to other customers’ accounts.

The FreshBooks Security Team strives to be prompt in responding to security vulnerabilities and will try to respond within 48 hours to any report received. During our business hours, we will likely respond same day.

Hall of Fame

FreshBooks thanks the following Internet Security Superstars for their vigilance keeping the online world a safer place: