Security at BlueBear

At BlueBear, security is a core part of our product and culture. We're a small but sharp SaaS team, and we take the protection of your data seriously.

If you're a customer, partner, or friendly internet security researcher, this page is for you.

Reporting a Vulnerability

If you believe you've found a vulnerability or security issue in a BlueBear service:

• Please let us know, we want to fix it!
• Avoid testing in production, we can provide a test environment if you want to confirm any findings.
• Don't publicly disclose without giving us a chance to respond.
• Act responsibly and in good faith, and we'll do the same.

We don't have a bug bounty programme at this time, but we truly appreciate well-intentioned reports and are happy to recognise meaningful contributions.

Contact Information

• Email: security@bluebear.nl
• security.txt: View our full security.txt
• Preferred languages: English or Dutch

Responsible Disclosure Policy

We maintain a simple and practical responsible disclosure policy that outlines how we handle vulnerability reports and what we expect from researchers.

In short:

• We encourage good-faith reporting of security issues.
• We respond quickly and treat researchers with respect.
• We ask that you avoid testing in production and refrain from public disclosure until we've had a chance to fix the issue.
• We do not pursue legal action against responsible researchers who follow these principles.

If you need more detail for procurement, vendor review, or legal peace of mind, you can also just get in touch. We're happy to talk.

This Applies to All BlueBear Services

All BlueBear domains and services follow the same security principles.
Each domain hosts a local copy of our security.txt file to ensure availability and isolation.

Closing Note

Thanks for caring about security. We do too.
If you think you've found something that could make BlueBear safer, we'd love to hear from you.