Security & Responsible Disclosure
If you are unsure how to encrypt a message with our public key you may use encrypt.to.
We endeavor to respond within 24 hours.
We acknowledge individuals who report security issues responsibly and may reward a bounty at our discretion.
If you are a security researcher looking at Canvas please contact us for details of our staging environment–it is identical to our production environment and if you find an issue there you will not risk seeing protected health information.