We take the security of our services and the privacy of our users' data very seriously. If you have discovered a security vulnerability, we appreciate your help in disclosing it to us responsibly.
Please do not report security vulnerabilities through public GitHub issues or public forums.
Please choose the path that best fits your intent:
- Responsible Disclosure: If you have identified a security vulnerability, please email security@mixpanel.com.
  - Note: Your report will be routed to our internal ticketing system. We will acknowledge receipt of your findings. Please be advised that we do not maintain ongoing communication regarding the status of reports unless we have specific follow-up questions.
- Bug Bounty Program: If you are a security researcher interested in participating in our private bug bounty program, please email bugbounty@mixpanel.com to request onboarding instructions.
  - Note: Participation in our private program is subject to eligibility requirements, including a verification process to ensure researchers are in good standing on the HackerOne platform.
To help us triage the issue effectively, please include:
- Summary: A clear description of the vulnerability.
- Environment: The affected service, SDK, or repository.
- Reproduction Steps: Step-by-step instructions to reproduce the issue.
- Impact: A description of the potential risk.
- Remediation Suggestions: Any specific recommendations you have for mitigating or fixing the vulnerability.
We are committed to securing our latest stable releases. We recommend all users keep their implementations updated to the most current version to ensure they have the latest security patches.