Vulnerability Disclosure and Reward Program

Help us make Missive safer!

We encourage responsible reports of vulnerabilities found in our websites and apps. We kindly ask that you not publicly disclose any information regarding vulnerabilities until we fix them. Rewards are offered at our discretion based on how critical each vulnerability is.

To report vulnerabilities, contact us at security@missiveapp.com with a detailed description to help us understand and fix the vulnerability as quickly as possible.

Our security.txt can be found here.

Out-of-scope exclusions

The following vulnerability classes are excluded from the program. No reward will be offered for reports related to these.

  • DMARC, SPF and DKIM email policy on Missive domains
  • EXIF metadata not stripped from uploaded images
  • Lack of DNSSEC
  • Password reset link not invalidated upon requesting a new one
  • Issues affecting feedback.missiveapp.com; these should be reported to Canny.io
  • Issues affecting hq.missiveapp.com; these should be reported to Simple Analytics
  • Issues affecting status.missiveapp.com; these should be reported to PagerDuty
  • Issues affecting missiveapp.com; these should be reported to Webflow
Featured on the blog
Tasks in Missive: Your Inbox is Now Your Command Center
Product
Book a demo
Features
Pricing
Integrations
Download
Help center
Changelog
Developer
Company
Blog
About
Contact
Status
Customer stories
Referral program
How do we compare?
Missive vs. Front
Missive vs. Gmelius
Missive vs. Help Scout
Missive vs. HelpWise
Missive vs. Hiver
Missive vs. Office 365
Missive vs. Outpost
Missive vs. Slack
Missive vs. Spark
Missive vs. Superhuman
Shortwave
© 2025 Missive
·
Privacy Policy
·
Security
·
Terms