Report a Vulnerability

If you discover a security issue, report it privately to legal@onceasked.com with reproducible details.

Do not publicly disclose exploitable details before OnceAsked has had a reasonable time to investigate and remediate.

Include affected environment, reproduction steps, expected and actual behavior, and any impact assessment.

We review credible reports and coordinate response timelines based on severity and exploitability.

OnceAsked, Inc. is a Delaware C Corporation headquartered in New York City, NY 10001.

For legal matters, contact legal@onceasked.com. For all other matters, contact support@onceasked.com.

OnceAsked does not sell personal information under any circumstances.

We only share information with trusted partners when expressly permitted by contract, administrator configuration, or user instruction.