Responsible Disclosure Policy

Updated June 1, 2022

Reporting Security Vulnerabilities to Zendesk

Zendesk aims to keep its Services safe for everyone and data security is of utmost priority. If you are a security researcher and have discovered a security vulnerability in the Services, we appreciate your help in disclosing it to us in a responsible manner.

Our responsible disclosure process is hosted by HackerOne’s bug bounty program. We run the following programs which encompass multiple facets of our products; please visit the corresponding HackerOne portal below to report any security vulnerabilities:

  • Zendesk Support, Guide, Talk, Chat, Message, Connect, Explore, Sunshine, Sell, and Sunshine Conversations (Smooch) – https://hackerone.com/zendesk

Only vulnerabilities submitted via the appropriate channel will be eligible for a reward. If you’ve previously responsibly disclosed a vulnerability to us, thank you. Our list of contributors continues to live on at HackerOne and can be found here: