Enveloppe with an "@" symbol on the back



  • 漏洞及其潛在影響的說明;
  • 受影響的主機、服務或 URL 清單;
  • 重現漏洞的必要步驟;
  • 如何識別該漏洞;
  • 您的聯絡資訊。


Strictly Forbidden Activities

As stated above, active research of vulnerabilities (e.g., scans) is not authorised. Also note that the following activities are strictly forbidden and monitored: 

  • any activity that could lead to the disruption of our services (DoS, DDoS, spam, etc...); 
  • any activity that would threaten the integrity of user data; 
  • any activity that would breach the confidentiality of user data; 
  • usage of automated tools to find vulnerabilities; 
  • any fraudulent transaction.

Swissquote Group reserves the right to bring any legal action against any person acting in a manner considered as illegal, illicit or as infringing the above. 


This program applies to the following: 

  • domains where Swissquote Group Holding SA is listed as the Registrant Organisation, more specifically domains under  "" and ""; "" is excluded from the above;
  • domains where YUH SA is listed as the Registrant Organisation; 
  • mobile applications published by Swissquote Mobile on the Android Play Store; 
  • mobile applications published by Swissquote on the Apple Store. 

Certain vulnerabilities are considered out of scope for this program. These include: 

  • outdated or vulnerable software versions if no clear exploitability can be demonstrated; 
  • bugs requiring non‑trivial prior knowledge, such as a session token, as prerequisite; 
  • missing best practices in SSL/TLS configuration; 
  • social engineering related issues; 
  • physical security of Swissquote Group property. 

Got further questions?

If you didn’t find the information you were looking for or you still have questions, check out other Help categories.