Truehome
Buy Rent List Property
For Agents
Sign In

Security Policy

Last updated: 5 March 2026

1. Our Commitment

Truehome takes the security of our platform and the privacy of our users seriously. We appreciate the work of security researchers and welcome responsible disclosure of vulnerabilities found in our systems.

2. Scope

This policy applies to security vulnerabilities in Truehome-owned systems, including:

  • The truehome.ie web platform and all its subdomains
  • Truehome's public-facing APIs
  • Truehome's mobile or web applications

The following are out of scope:

  • Third-party services we rely on (Stripe, Google, Mapbox, etc.) — report those directly to the respective vendor
  • Social engineering attacks targeting Truehome staff
  • Physical security
  • Denial-of-service attacks
  • Spam or phishing campaigns

3. How to Report a Vulnerability

Please report security vulnerabilities by emailing security@truehome.ie or via our support portal at support.truehome.ie.

Your report should include:

  • A description of the vulnerability and its potential impact
  • Step-by-step instructions to reproduce the issue
  • Any relevant URLs, screenshots, or proof-of-concept code
  • Your name and contact details (optional — anonymous reports are accepted)

4. Our Response Process

When you submit a report, we commit to:

  • Acknowledge your report within 3 business days
  • Investigate the reported issue promptly and keep you informed of progress
  • Resolve confirmed vulnerabilities as quickly as possible, prioritising based on severity
  • Notify you when the issue has been resolved

5. Responsible Disclosure Guidelines

We ask that researchers follow responsible disclosure practices:

  • Give us a reasonable amount of time to resolve the issue before public disclosure
  • Do not access, modify, or delete data belonging to other users
  • Do not disrupt our services or degrade the user experience during testing
  • Do not exploit the vulnerability beyond what is necessary to demonstrate the issue
  • Do not use automated scanning tools against our production systems without prior permission

Researchers who follow these guidelines in good faith will not face legal action from Truehome in connection with their research.

6. Recognition

We do not currently operate a bug bounty programme. However, we are grateful for responsible disclosures and will acknowledge researchers who report confirmed vulnerabilities (with their permission) in our release notes or a public hall of fame.

7. Contact

Security matters: security@truehome.ie

Support portal: support.truehome.ie

For general enquiries, please use our contact page.