← Back to home
Security
We take the security of our software and your data seriously. If you believe you have found a security vulnerability or wish to report a security incident, please let us know immediately.
Reporting a Vulnerability
If you discover a security vulnerability, please report it responsibly by emailing us at:
security@bettercallsam.co.ukPlease do not report security vulnerabilities through public GitHub issues or other public channels.
What to Include
- 1A description of the vulnerability and its potential impact
- 2Steps to reproduce the issue
- 3Any relevant screenshots or proof of concept
- 4Your contact details so we can follow up
Our Commitment
- We will acknowledge your report within 2 business days
- We will investigate and provide an initial assessment within 5 business days
- We will keep you informed of progress towards a fix
- We will not take legal action against researchers who report responsibly
Security Practices
- All data transmitted to HMRC uses TLS encryption
- OAuth tokens are encrypted at rest using AES-256-GCM
- We implement all 16 HMRC fraud prevention headers
- No customer credentials are stored by our application
Last updated: February 2026