Responsible security disclosure

Alzheimer’s Society takes the security of its websites, systems, and information seriously. We welcome good‑faith reports of potential security vulnerabilities so that we can investigate and address them appropriately.

How to report a security issue

If you believe you have identified a security vulnerability affecting Alzheimer’s Society, please report it by email to: 
[email protected] 

Please include enough detail for us to understand and reproduce the issue, such as the affected URL or system, a description of the behaviour observed, and any relevant technical information.

What we ask of researchers

We ask that you:

  • Act in good faith and avoid harm to our users, supporters, or reputation.
  • Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue.
  • Do not access, modify, or delete data belonging to others.
  • Do not carry out denial‑of‑service or automated scanning that could impact availability.
  • Do not publicly disclose details of the issue until we have had reasonable time to investigate and remediate.

What you can expect from us

We will review all credible reports and assess their impact. Where a genuine issue is identified, we will prioritise remediation based on risk.

We do not currently operate a bug bounty programme and are unable to offer financial rewards. We may not respond individually to all submissions.

Thank you for helping us keep Alzheimer’s Society and its services secure.