Security

Vulnerability disclosure.

If you think you've found a security issue with our website, app, or any system that processes Stand customer data, please tell us.

Reporting a vulnerability

Email security@standinsurance.com with a description of the issue, how to reproduce it, and any proof of concept. PGP key on request.

What we ask

  • Give us reasonable time to triage and fix before disclosing publicly.
  • Don't access or modify customer data beyond what's needed to demonstrate the issue.
  • Don't perform attacks that degrade service for other users (DDoS, social engineering of staff, physical attacks).

What you can expect

  • Acknowledgement within 2 business days.
  • An honest read on whether the issue is in scope and our planned remediation timeline.
  • Public credit if you'd like it (and the issue is real).

Scope

In scope: standinsurance.com, the Stand customer and broker portals, and any host that issues a Stand-branded TLS certificate.

Out of scope: third-party SaaS we use (report those to the respective vendors), social engineering, and physical security.