At OWOX, we take security very seriously.

Our data connectors are open source because we believe users should never be forced to share credentials with third parties. This design empowers you to review the code yourself and ensure your data remains in your control.

For the Apps Script Edition, all credentials are stored exclusively in each user’s Document Properties. This means:

• No one but you has access to your data or credentials.
• The script runs in your own Google account environment.
• Access to your data is only granted if you explicitly authorize it.

We encourage transparency — if you have any questions or concerns, you’re welcome to review the source code, explore open discussions, or reach out to us directly.

We strongly recommend using the latest version of OWOX BI and its connectors. Each release may include important security updates, so keeping your setup current is essential for optimal protection.

If you discover a potential security vulnerability, we ask that you disclose it responsibly:

• Do not create a public GitHub issue.
• Instead, contact our team at: [email protected]

We commit to acknowledging your report promptly and working closely with you to confirm the issue and plan a timely fix.

While OWOX does not currently offer a private bug bounty program or monetary rewards, we deeply appreciate the efforts of the security research community. You can report vulnerabilities through our official program on https://hackerone.com/owox.

Submitting reports there helps strengthen the security of our products and builds your reputation within the global security community.