Security · responsible disclosure
Security at TrackJet
We take security seriously and welcome reports from researchers. The machine-readable policy lives in our security.txt (RFC 9116); this is the human version.
Report a vulnerability
Send details to [email protected]: the affected URL/endpoint, steps to reproduce, and the likely impact. Encryption available on request. Please give us reasonable time to fix before any public disclosure.
Safe harbour
Act in good faith under this policy and we will not pursue legal action against you and will consider your research authorised. Do not access other people's data, modify anything, or degrade the service.
Scope
trackjet.world and the public API/MCP surface. Out of scope: load/DoS testing, high-rate scanning without rate-limiting, social engineering, physical access, and the carriers' own websites we merely link to — those belong to their respective providers.
Response time
We acknowledge receipt within 5 business days and keep you posted on remediation status.
Bug-bounty status
During early access there is no paid bounty yet. We credit reporters who want it — just tell us how you would like to be named.
Proof, not promises
Our security and reliability claims are verifiable:
- Weekly restore drills: The newest backup is restored into a scratch database every week and checked against minimum row counts. Details in the Trust Center.
- Self-measured uptime: A canary exercises the real user paths around the clock; the same numbers are on the status page.
- Verifiable timelines: Any saved timeline can be checked offline against our published key using the verifier.