Security & Responsible Disclosure

To report a security issue to Canvas please encrypt your message with our public key and send an email to security@canvasmedical.com.

If you are unsure how to encrypt a message with our public key you may use encrypt.to.

We endeavor to respond within 24 hours.

We acknowledge individuals who report security issues responsibly and may reward a bounty at our discretion.

If you are a security researcher looking at Canvas please contact us for details of our staging environment--it is identical to our production environment and if you find an issue there you will not risk seeing protected health information.