Security Policy

Security Disclosure Policy

At Blur, we take security seriously. We regularly check all Blur websites, assets, services and products for signs of compromise, fraudulent behavior, and bugs. We also welcome reports of potential security vulnerabilities via security@blur.com.

How to Report

To help us review your report effectively, please include:

  • A clear and concise description of the issue
  • Steps to reproduce the vulnerability
  • Any relevant technical details, proof of concept, or screenshots

What We Will Do

  • Our internal security team will review, perform triage and verification of the submission.
  • If a valid issue is identified, our internal security team will address it in line with our deployment and mitigation procedures.

What We Will Not Do

  • We do not respond or acknowledge any submissions, emails or reports from unknown individuals or unaffiliated researchers and shall in our sole discretion decide what, if any, reports will be reviewed or what acknowledgement will be provided for any findings reported to us, if any.
  • We do not offer financial compensation, rewards or participate in third-party bounty programs.
  • We do not provide reimbursement for expenses related to vulnerability research (e.g., holding domains, S3 buckets).
  • We do not engage in negotiation or coordinated disclosure agreements.

For more information, see our security.txt.

Legal Notice

You agree that by submitting such information to Blur Studio Inc., you grant Blur Studio Inc. a worldwide, perpetual, irrevocable, exclusive, transferable, sublicenseable, fully-paid and royalty-free license under any and all intellectual property rights that you own or control to use, copy, modify, create derivative works based upon and otherwise exploit such information for any purpose. Any activity which involves the intentional compromise of the privacy of our customers or employees or the intentional disruption of the operation of Blur Studio Inc.'s services, or information technology infrastructure may result in Blur Studio Inc. taking action, including but not limited to, bringing legal claims, against you. We may collect information that could reasonably be used to identify you (e.g., IP address). Blur Studio Inc. may use this information for several purposes, including to evaluate a reported vulnerability and protect Blur Studio Inc.' information technology infrastructure. Blur Studio Inc. reserves the right to modify or terminate this Security Policy in its sole discretion, at any time and without prior notice.