Vulnerability Disclosure Policy

Last updated: April 3, 2026

Our commitment

Good Authority Inc. (“Ren”) takes the security of our platform and user data seriously. We value the work of security researchers who help us maintain a safe and secure product for our customers.

If you believe you have found a security vulnerability in any Ren-operated service, we encourage you to report it to us responsibly. We will investigate all legitimate reports and do our best to quickly fix the problem.

How to report a vulnerability

Please email your findings to security@tryren.com. Include as much detail as possible:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Affected URLs, endpoints, or components
  • Potential impact of the vulnerability
  • Any proof-of-concept code or screenshots

What to expect

  • Acknowledgment: We will acknowledge receipt of your report within 2 business days.
  • Assessment: We will investigate and validate the vulnerability within 10 business days.
  • Resolution: We aim to remediate confirmed vulnerabilities within 30 days, depending on complexity.
  • Communication: We will keep you informed of our progress throughout the process.

Scope

The following services are in scope:

  • tryren.com and app.tryren.com
  • Ren Slack application
  • Ren Microsoft Teams application
  • Ren API endpoints

The following are out of scope:

  • Social engineering attacks against Ren employees
  • Denial of service attacks
  • Third-party services and applications not operated by Ren
  • Vulnerabilities in outdated browsers or platforms

Safe harbor

We consider security research conducted in accordance with this policy to be authorized. We will not pursue legal action against researchers who:

  • Act in good faith and follow this disclosure policy
  • Avoid privacy violations, data destruction, and service disruption
  • Do not access or modify other users’ data
  • Report vulnerabilities promptly and provide reasonable time for remediation before public disclosure

Security certifications

SOC 2 Type II. Scoping, controls, and the full report available under NDA on request.

For more information about our security practices, visit our Trust Center page.

Contact

For security-related inquiries: security@tryren.com

For general support: support@tryren.com

Ren logo

Start free

Free for up to 4 people. No credit card. Ren works best in Slack — or start on the web.

or start on the web

Your conversations with Ren are always private.