Report a security issue

23andMe Security Program

23andMe is committed to protecting our community, and has established a security program ("Program") for users to report security-related issues associated with our website ("Website") to us. If you believe you have found a vulnerability or issue and would like to participate in our Program, we ask that you submit a detailed description of the issue to us, including the steps that we can take to reproduce the issue and/or a proof-of-concept ("Report").

Once you submit a Report to us, please allow our team a reasonable amount of time to respond to your Report and correct the issue. We truly appreciate your efforts to protect our community, and we may reward participants for helping us out. All Reports are subject to the terms and conditions ("Terms") of our Program, set forth below, and with the Terms of Services available on the Website.

The 23andMe “Report a Security Issue” form is intended only for notifying us of security-related issues associated with our website. If you have an inquiry about placing an order, account access, or your results, then please contact our Customer Care team directly. Thank you!

Report a Security Issue

First, please let us know a little more about you. Which are you?

*and would like to contact Customer Care.

**and would like to report a Security Issue.

Responsible Disclosure Policy

23andMe is committed to protecting our community, and has established a security program ("Program") for users to report security-related issues associated with our website ("Website") to us. If you believe you have found a vulnerability or issue and would like to participate in our Program, we ask that you submit a detailed description of the issue to us, including the steps that we can take to reproduce the issue and/or a proof-of-concept ("Report"). Once you submit a Report to us, please allow our team a reasonable amount of time to respond to your Report and correct the issue. We truly appreciate your efforts to protect our community, and we may reward participants for helping us out. All Reports are subject to the terms and conditions ("Terms") of our Program, set forth below, and with the Terms of Services available on the Website.

Eligibility

The Program is open to individuals who are 18 years of age or older (or the age of majority in his/her jurisdiction of residence, whichever is older), provided that users who access our Website from any country against which the United States has issued export sanctions or other trade restrictions are not eligible to participate in the Program. The Program is void wherever prohibited or restricted, and is subject to all federal, state and local laws. You must comply with all applicable laws during your participation in the Program, including but not limited to those regarding the transmission of technical data exported from the United States or the country from which you access our Website. 23andMe shall have the right at any time to change or discontinue any aspect or feature of the Program.

Scope

We invite and welcome Reports on any security-related issue or vulnerability that you may find on our Website. However, please do not resort to phishing, spamming and other questionable methods that may harass our users or compromise their data, generate significant volumes of traffic, or cause disruption to our Website.

Ownership and Incentive

Any Report that you submit to us will become our property, and we are under no obligation to act on a Report. However, if we do act on a Report, we may in our sole discretion extend monetary or non-monetary compensation ("Reward") to you as a gesture of our appreciation for helping out 23andMe and the community. You will be responsible for any federal, state and local taxes and any expenses, costs, or fees associated with your participation in the Program and any Reward.

Warranty Disclaimers

YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT: (1) YOUR PARTICIPATION IN THE PROGRAM AND USE OF ANY REWARD IS AT YOUR SOLE RISK. 23ANDME EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. 23ANDME SPECIFICALLY DISCLAIMS ANY LIABILITY WITH REGARD TO ANY ACTIONS RESULTING FROM YOUR PARTICIPATION IN THE PROGRAM OR USE OF ANY REWARD.

Final Note

We ask that you follow principles of responsible disclosure and give the 23andMe security team a reasonable amount of time to respond to and correct the submitted issue before you make it public. We ask you to remain open in communicating with us regarding any public disclosure so that we're in agreement on the report and timelines.

Thank You!

We sincerely appreciate the efforts of security researchers in keeping our community safe.