Responsible Disclosure of Security Vulnerabilities

Security is a top priority at FlixBus and we are continuously working to provide secure products. Despite our best efforts, vulnerabilities can occur. We welcome reports from security researchers and users who discover potential security issues in our products.

How to report a vulnerability

If you discover a security vulnerability in a FlixBus product, please report it to responsible-disclosure@flixbus.com.

To help us assess and address the issue, please include:

  • The type of vulnerability you have found
  • Steps to reproduce the issue — the more technical detail the better
  • The potential impact or risk
  • Your suggested fix, if any

When we receive your report we will review it and work to address confirmed vulnerabilities. We will be in touch to let you know when a fix has been released. We ask that you give us reasonable time to investigate and remediate before publishing your findings.

Please note that we do not currently offer bug bounties or other compensation for reported vulnerabilities.

Our commitment to transparency

When we release a security fix, we will publish a security advisory describing the vulnerability, the affected product versions, its severity, and guidance for users.

Scope

This policy covers all FlixBus digital products, including our mobile applications and web services.

Where to send your report

Single point of contact: responsible-disclosure@flixbus.com