All articles
Privacy & security

Report a security issue

How to reach the team responsibly — and what we'll do when you do.

Email security@tryheel.com with as much detail as you can share. PGP optional but welcomed.

What we'll do

  1. Acknowledge within 1 business day.
  2. Triage and respond with a fix timeline within 5 business days.
  3. Credit you (or keep you anonymous, your call) in any public disclosure.

We don't run a paid bug bounty yet. We do send a thank-you, and once revenue exists, that'll become a real reward.

Was this helpful?
Contact us

Didn't find your answer? Write to us.

We read every message. The gaps we hear about most are the next articles we write.

Send us a message.

Every message goes to a real person on the Heel team — currently, the founder. We read everything that comes in.

Never include passwords, payment details, or 2FA codes — we'll never ask for them.
Response time
We aim to reply within 3–5 business days. Beta users go to the top of the queue.
Who you'll hear from
A real person on the Heel team — not a ticketing bot.
Sensitive info
Never share passwords, payment details, or 2FA codes — we'll never ask for them.

When you write in, include:

  • The email on your Heel account (so we can find you)
  • What you were trying to do, and what happened instead
  • A screenshot if it's a visual issue — attach to a reply once you've got a thread
  • The invoice or EOB ID if it's about a specific document
  • Roughly when it happened (helps us find logs)