Security.
How to report a security issue, how long we support your device with security updates, and our device-security compliance for the UK and Australia.
Last updated: 22 June 2026
Reporting a security vulnerability
We take the security of the Bindicator and its companion app seriously. If you believe you have found a security vulnerability, we want to hear from you and will work with you to resolve it.
How to report
Email [email protected] with:
- a description of the issue and where you found it (device, mobile app, or backend);
- the steps to reproduce it;
- any proof-of-concept, logs, or screenshots that help; and
- how we can contact you for follow-up.
If you would like to send your report encrypted, ask us for a key in your first message.
What you can expect from us
- Acknowledgement of receipt within 5 business days.
- An initial assessment, and an expected timeline where relevant, within 10 business days.
- Status updates at least every 30 days until the issue is resolved or closed, and a notification when it is resolved.
- Credit for your discovery, if you would like it and the report is valid and new.
Guidance for researchers
- Please act in good faith: avoid privacy violations, service disruption, and destruction of data, and test only against your own device and account.
- Give us reasonable time to release a fix before disclosing publicly.
- We do not currently operate a paid bug-bounty programme.
- We will not pursue or support legal action against researchers who report in good faith and in line with this policy.
Scope
- The Bindicator hardware/firmware (the connected bin-collection reminder).
- The Bindicator companion mobile app.
- The Bindicator cloud backend used by the product.
A machine-readable contact is also published at /.well-known/security.txt.
Security update support period
We provide security updates for the Bindicator for a minimum of 3 years from the date you purchase it.
In practice: if a security problem is found in your device during that period, we will make a security update available to fix it. Updates are delivered automatically over the internet while your Bindicator is connected to your Wi-Fi — you do not need to do anything to receive them.
- Minimum support period: 3 years from the date of purchase.
- End date: three years after your purchase date. Example: a device bought on 1 March 2026 is supported until at least 1 March 2029.
- This is a minimum. We may extend it (and will publish any extension here). We will not shorten it.
Device-security compliance
Bindicator complies with the consumer connectable-product security regimes in the markets we sell into. Our formal statements of compliance are available here:
- UK Statement of Compliance — Product Security and Telecommunications Infrastructure (PSTI) regime.
- Australian Statement of Compliance — Cyber Security (Security Standards for Smart Devices) Rules 2025.