Security at Fountain

At Fountain, we take security seriously. If you need to contact our security team, you can reach us at [email protected].

Data encryption

Fountain forces HTTPS for all services using TLS (SSL). We also utilize HSTS to ensure that browsers only connect via secure HTTPS connections. Fountain uses AES-256 for encrypting documents at rest.

Fountain also regularly uses third-party security vendors to perform audits of our platform to ensure that we are using the best practices to keep all data secure.

Fountain Responsible Disclosure Policy

Data security is a top priority for Fountain, and Fountain believes that working with skilled security researchers can identify weaknesses in any technology.

If you believe you’ve found a security vulnerability in Fountain’s service, please notify us; we will work with you to resolve the issue promptly.

Disclosure policy

Let us know as soon as possible when you’ve discovered a potential vulnerability by emailing us at [email protected]. We vow to acknowledge your email within 24 hours. If you prefer to encrypt your communications, you can use our PGP key.
Provide us a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure.
Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Fountain service. Please only interact with domains you own or for which you have explicit permission from the account holder.