Back to home

Security & Responsible Disclosure

Last updated: June 18, 2026

Security is core to Worldhire - we protect candidate identities and confidential hiring data. If you believe you have found a security vulnerability, we want to hear from you and we will work with you to understand and resolve it quickly.

1. How to report

Email security@worldhire.com with a clear description of the issue. Please include:

  • what the vulnerability is and the affected URL / endpoint / component,
  • step-by-step instructions to reproduce it (a proof-of-concept helps),
  • the impact you believe it has,
  • how we can reach you for follow-up.

A machine-readable contact is also published at /.well-known/security.txt.

2. Safe harbor

We will not pursue or support legal action against anyone who, in good faith and in line with this policy, discovers and reports a vulnerability. Good-faith research means you:

  • only interact with accounts you own or have explicit permission to test,
  • do not access, modify, or delete other users’ data,
  • avoid privacy violations, service degradation, and destruction of data,
  • do not exploit the issue beyond the minimum needed to prove it, and
  • give us a reasonable time to remediate before any public disclosure.

3. Out of scope

Automated scanner output with no demonstrated impact, social-engineering or phishing of our staff or users, physical attacks, denial-of-service / volumetric testing, and findings that require a compromised device or a rooted/jailbroken environment are generally out of scope.

4. What to expect

We aim to acknowledge a report promptly, keep you updated as we investigate, and let you know when the issue is resolved. We treat confidential reports confidentially and, with your permission, are happy to credit you once a fix is shipped.

5. Please do not

Publicly disclose a vulnerability before we have had a reasonable chance to fix it, or access more data than necessary to demonstrate the issue. If you encounter candidate or recruiter personal data during testing, stop, do not store or share it, and tell us in your report.