Keeping data safe at #BONDSTEIN
We understand that keeping data secure is critical for everyone: our customers, the developers who connect to our products, and the security experts who watch for vulnerabilities. So if you're a security researcher or developer, here's everything you need to know about how Bondstein keeps data safe and how you can help.
Our responsible disclosure policy.
If you’re a security researcher and think you’ve found a security vulnerability, we want to hear about it right away. We ask that you give us a reasonable amount of time to respond to your report before making any information public. Please don’t access or modify user data without the permission of the account owner, and act in good faith not to degrade the performance of our services (including denial of service). If you comply with these requests, we won’t take legal action against you.
We’re interested in the following areas:
• Cross-site scripting (XSS)
• Cross-site request forgery (CSRF/XSRF)
• SQL injection (SQLi)
• Authentication/authorization for devices or clients
• Sharing/public model
• Remote code execution
• Data exposure
• Alert/notification spoofing
• Track My Vehicle®, Bondstein Protect, or Dropcam local Denial of Service (DoS)
• Project Prime®, Bondstein Protect, or Dropcam resets and lockups
• Wireless vulnerabilities (but not including wireless Denial of Service (DoS))
Out of scope areas:
• Website or API Denial of Service (DoS)
• Wireless Denial of Service (DoS)
• Issues only present in old/end-of-life browsers and old plugins
Our security problems submission policy.
Bondstein does not have any Reward Program involving any Bondstein apps and/or online properties. Still, if you want to report a vulnerability, please email
Frequently asked questions about Bondstein security.
We do everything in our power to make sure data is used for one purpose: to create access to technology for everyone. To find out exactly how we keep data secure, take a look below.
What type of encryption do you use?
Bondstein apps and Web APIs connect to the cloud service using AES 128-bit encryption and Transport Layer Security (TLS). Bondstein Protect alarms use a proprietary secure protocol similar to TLS to share data, while Dropcams have perfect forward secrecy, use 2048-bit RSA private keys for key exchange with the cloud service, and encrypt video using AES-128. Bondstein devices communicate with each other using Bondstein Intra Device Protocol.
What information is stored on Bondstein devices?
Your Bondstein devices collect setup information like your ZIP or postal code, your Wi-Fi network information [in cases], environmental data from sensors like temperature and humidity, temperature adjustments, usage and occupancy information, and more. Read full Privacy & Terms.
Where is my Bondstein Account password stored?
Account passwords are not stored directly on our servers. Bondstein follows best practices and uses a non-reversible, slow, salted key-derivation function to protect your password.
How do you store my data online?
Bondstein uses Godaddy Web Services (AWS) for cloud servers and online storage. Godaddy’s security policies can be found here.
How does Bondstein prevent and resolve security issues?
Bondstein has a dedicated engineering team that’s focused on monitoring security threats and updating our systems as needed. Members of the operations team are also continually keeping our servers up to date with security patches and operating system updates.
In addition, Bondstein does not have any Reward Program involving any Bondstein apps and/or online properties. Still, if you want to report a vulnerability, please email
What access do third parties have through the Works with Bondstein program?
Bondstein uses no third-party APIs or resources, so it has no reason to provide access to third parties. In the case of legal enforcement, however, all data is accessible under the existing law of the People's Republic of Bangladesh.
When you connect another app to the Bondstein product line, you’ll be shown what data it is requesting access to before you confirm the connection.
Can my Bondstein device be hacked using the USB port?
USB-based hacking is a jailbreak that requires physical access to a device. Physical jailbreaks like this don't compromise the security of our servers or the connections to them. There have been no known instances of anyone hacking a Bondstein product remotely.