Security.

How to report a security issue, how long we support your device with security updates, and our device-security compliance for the UK and Australia.

Last updated: 22 June 2026

Reporting a security vulnerability

We take the security of the Bindicator and its companion app seriously. If you believe you have found a security vulnerability, we want to hear from you and will work with you to resolve it.

How to report

Email [email protected] with:

  • a description of the issue and where you found it (device, mobile app, or backend);
  • the steps to reproduce it;
  • any proof-of-concept, logs, or screenshots that help; and
  • how we can contact you for follow-up.

If you would like to send your report encrypted, ask us for a key in your first message.

What you can expect from us

  • Acknowledgement of receipt within 5 business days.
  • An initial assessment, and an expected timeline where relevant, within 10 business days.
  • Status updates at least every 30 days until the issue is resolved or closed, and a notification when it is resolved.
  • Credit for your discovery, if you would like it and the report is valid and new.

Guidance for researchers

  • Please act in good faith: avoid privacy violations, service disruption, and destruction of data, and test only against your own device and account.
  • Give us reasonable time to release a fix before disclosing publicly.
  • We do not currently operate a paid bug-bounty programme.
  • We will not pursue or support legal action against researchers who report in good faith and in line with this policy.

Scope

  • The Bindicator hardware/firmware (the connected bin-collection reminder).
  • The Bindicator companion mobile app.
  • The Bindicator cloud backend used by the product.

A machine-readable contact is also published at /.well-known/security.txt.

Security update support period

We provide security updates for the Bindicator for a minimum of 3 years from the date you purchase it.

In practice: if a security problem is found in your device during that period, we will make a security update available to fix it. Updates are delivered automatically over the internet while your Bindicator is connected to your Wi-Fi — you do not need to do anything to receive them.

  • Minimum support period: 3 years from the date of purchase.
  • End date: three years after your purchase date. Example: a device bought on 1 March 2026 is supported until at least 1 March 2029.
  • This is a minimum. We may extend it (and will publish any extension here). We will not shorten it.

Device-security compliance

Bindicator complies with the consumer connectable-product security regimes in the markets we sell into. Our formal statements of compliance are available here: