Security

Independent audits, public results.

We commission annual third-party penetration tests and publish the results — good and bad. Transparency is non-negotiable.

Audit History
Every audit. Every result. Public.

We believe publishing audit results — including vulnerabilities found — builds more trust than any privacy policy could.

January 2026
Annual Penetration Test & Security Review
Cure53, Berlin
3
findings
3
resolved
All resolved Full Report
July 2025
Infrastructure & Configuration Audit
NCC Group, London
1
findings
1
resolved
All resolved Full Report
January 2025
Annual Penetration Test & Security Review
Cure53, Berlin
5
findings
5
resolved
All resolved Full Report
March 2024
API & Application Security Audit
Trail of Bits, New York
2
findings
2
resolved
All resolved Full Report
January 2024
Annual Penetration Test & Security Review
Cure53, Berlin
4
findings
4
resolved
All resolved Full Report
Vulnerability Disclosure
Found something? Tell us.

We run a responsible disclosure programme. Security researchers who report valid vulnerabilities are credited publicly and may be eligible for our bounty programme.

Report a Vulnerability

Email security@tempmail.io with a clear description and steps to reproduce. PGP key available on our security page.

Response SLA

We acknowledge all reports within 4 hours and provide a full response within 48 hours, including our assessment and timeline.

Bug Bounty

Critical and high-severity findings are eligible for our bounty programme. Payouts range from $200 to $5,000.

Responsible Disclosure

We commit to not pursuing legal action against researchers acting in good faith and following our disclosure guidelines.

Security is an ongoing commitment.

Annual audits, active disclosure, and a team that takes every report seriously.

Report a vulnerability