SurveyMonkey takes security seriously and encourages reports about security issues or vulnerabilities found on our sites.
Any behavior that compromises the stability and integrity of our sites is prohibited.
If you find a security concern in one of our products, or see something that’s not quite right in our code, please let us know so we can investigate.
When recreating an issue, avoid any testing that causes harm or risk to SurveyMonkey, our users, staff, or physical environment.
After completing a submission, we’ll investigate your report and reach out if more details are needed.
Please keep information about potential vulnerabilities confidential between you and SurveyMonkey. We don’t allow public disclosure of vulnerabilities.
Researchers with a Bugcrowd account can receive kudos points for P1, P2, and P3 vulnerabilities. SurveyMonkey doesn’t offer kudos points for P4 issues.
SurveyMonkey also offers an invite-only, paid private program on Bugcrowd for researchers. Invitation to the program is based on the security impact and quality of submissions.
External submissions are not eligible for monetary rewards at this time. Any potential compensation, like kudos points, will be determined after the security team evaluates your report.
Here’s how you can reach out for other product bugs or concerns.