Security at Fountain

At Fountain, we take security seriously. If you need to contact our security team, you can reach us at [email protected].

Data encryption

Fountain forces HTTPS for all services using TLS (SSL). We also utilize HSTS to ensure that browsers only connect via secure HTTPS connections. Fountain uses AES-256 for encrypting documents at rest.

Fountain also regularly uses third-party security vendors to perform audits of our platform to ensure that we are using the best practices to keep all data secure.

Fountain Responsible Disclosure Policy

Data security is a top priority for Fountain, and Fountain believes that working with skilled security researchers can identify weaknesses in any technology.

If you believe you’ve found a security vulnerability in Fountain’s service, please notify us; we will work with you to resolve the issue promptly.

Disclosure policy

  • Let us know as soon as possible when you’ve discovered a potential vulnerability by emailing us at [email protected]. We vow to acknowledge your email within 24 hours. If you prefer to encrypt your communications, you can use our PGP key.
  • Provide us a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure.
  • Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Fountain service. Please only interact with domains you own or for which you have explicit permission from the account holder.

Exclusions

While researching, we’d like you to refrain from:

  • Denial of service
  • Spamming
  • Social engineering or phishing of Fountain employees or contractors
  • Any attacks against Fountain’s physical property or data centers

Thank you for helping to keep Fountain and our users safe!

Changes to these guidelines

We may revise these guidelines from time to time. The most current version of the guidelines will be available at https://www.fountain.com/security.

Recognition

We would like to thank these individuals for their contributions.

Maheshkumar Darji

Bulwarkers
Contact

Ankit Thakur

Twitter

Swapnil Maurya

Twitter

Kunal Mhaske

LinkedIn

Gawasharks

Twitter

Harinder Singh(S1N6H)

LinkedIn

Avanish Dubey

Linkedin

Contact

Fountain is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at [email protected].