Fannie Mae and Esusu team up to create equitable financial opportunities for millions through rent reporting. Read on!

Our security commitment

At Esusu, protecting customer data is our #1 priority.

Esusu customers and partners trust us with their most important data. Because of that, security is a top priority for our product and engineering teams.

As part of our commitment to keeping customer data secure, Esusu undergoes regular penetration testing, security reviews by credit bureaus and third-party auditors. In addition, our systems are designed to comply with the Fair Credit Reporting Act (FCRA).

World class security protocols

Data storage & processing

Data is stored and processed in the cloud on secure platforms owned and maintained by independent third parties that are SOC 2 Type 2 certified.

Data encryption

Customer and partner data is encrypted at rest and in transit.

Data permissions & authentication

Access to customer data is restricted to authorized personnel, and team members use multi-factor authentication to access cloud-based service providers.

Certification

Esusu is SOC 2 Type 2 certified, and all team members are required to adhere to the company’s security policies and code of conduct.

SOC 2 Type 2 certified

Contact Us

Please complete the form below and an Esusu team member will get back to you within 1-2 business days.

*Required

First Name CP(Required)
Last Name CP(Required)

Bug Bounty Program

The Esusu Bug Bounty Program Terms and Conditions (“Terms”) cover your participation in the Esusu
Bug Bounty Program (the “Program”). These Terms are between you and Esusu Financial, Inc. (“Esusu,”
“us” or “we”). By submitting any vulnerabilities to Esusu or otherwise participating in the Program in any
manner, you accept these Terms.

IF YOU DO NOT AGREE TO THESE TERMS, PLEASE DO NOT SEND US ANY SUBMISSIONS OR OTHERWISE
PARTICIPATE IN THIS PROGRAM.

We encourage security professionals to practice responsible disclosure and let us know right away if a vulnerability is discovered on the site. We will investigate all legitimate reports and follow up if more details are required. You can submit the vulnerability report at this link: https://esusurent.com/security/

Maintaining the security of our applications and networks is a high priority for Esusu. If you have information related to security vulnerabilities of Esusu products and services, please submit a report in accordance with the guidelines below.

  • Please provide, as much as possible, detailed reports with reproducible steps.
  • Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
  • Multiple vulnerabilities caused by one underlying issue will only be responded to once.
  • Social engineering (e.g. phishing, vishing, smishing) is prohibited.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

It is your responsibility to comply with any polices that your employer may have that would affect your eligibility to participate in the Program. Esusu disclaims any and all liability or responsibility for disputes arising between an employee and their employer related to this matter. There may be additional restrictions on your ability to enter the Program depending upon your local law.

Please submit your report by clicking on the “Contact Us” button or sending email to bugs@esusu.org. Your submission will be reviewed and validated by a member of the Esusu Security team. Providing clear and concise steps to reproduce the issue will help to expedite the response. As a bare minimum, please include in your report:

  • List the URL and any affected parameters
  • Describe the browser, OS, and/or app version
  • Describe the perceived impact. How could the bug potentially be exploited?

  • You must comply with all applicable Federal, State, and local laws in connection with your security research activities or other participation in this vulnerability disclosure program.
  • You agree that You shall not, without the prior written consent of Esusu in each instance (i) use in advertising, publicity or otherwise the name of Esusu or its Affiliates or any trade name, trademark, trade device, service mark, symbol or any abbreviation, contraction or simulation thereof owned by Esusu or its Affiliates, or (ii) represent, directly or indirectly, any service or work provided by You as approved or endorsed by Esusu or its Affiliates.
  • You agree that any and all information acquired or accessed by You as part of this exercise is confidential to Esusu and You shall hold the Confidential Information in strict confidence and shall not copy, reproduce, sell, assign, license, market, transfer or otherwise dispose of, give or disclose such information to third parties or use such information for any purposes other than for the performance of your work.
  • You acknowledge and agree that any and all information you encounter in the course of assessing our websites or publicly accessible assets is owned by Esusu or its third party providers, clients or customers. You have no rights, title or ownership to any information that you may encounter.
  • You must not engage in activity that is harmful to you, the Program, or others (e.g., transmitting
    viruses, stalking, posting terrorist content, communicating hate speech, or advocating
    violence against others).
  • You must not infringe upon the rights of others (e.g., unauthorized sharing of copyrighted
    material) or engage in activity that violates the privacy of others.
  • Esusu may modify the terms of this policy or terminate the policy at any time.
  • By clicking Submit Report, you consent to Your Information being transferred to and stored in the United States and acknowledge that you have read and accepted the Terms, Privacy Policy and Disclosure Guidelines presented to you when you created your account.
    Please use your own account for testing or research purposes. Do not attempt to gain access to another user’s account or confidential information.
  • Please do not test for spam, social engineering or denial of service issues. Your testing must not violate any law, or disrupt or compromise any data that is not your own.

Other than your submission, Esusu does not consider or accept unsolicited proposals or ideas, including
without limitation ideas for new products, technologies, promotions, product names, product feedback
and product improvements (‘Unsolicited Feedback’). If you send any Unsolicited Feedback to Esusu
through the Program or otherwise, Esusu makes no assurances that your ideas will be treated as
confidential or proprietary.

ESUSU MAKES NO WARRANTIES, EXPRESS OR IMPLIED, GUARANTEES OR CONDITIONS WITH RESPECT TO
THE PROGRAM. YOU UNDERSTAND THAT YOUR PARTICIPATION IN THE PROGRAM IS AT YOUR OWN
RISK. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAW, WE EXCLUDE ANY IMPLIED WARRANTIES IN
CONNECTION WITH THE PROGRAM. YOU MAY HAVE CERTAIN RIGHTS UNDER YOUR LOCAL LAW.
NOTHING IN THESE TERMS IS INTENDED TO AFFECT THOSE RIGHTS, IF THEY ARE APPLICABLE.

If you have any basis for recovering damages in connection with the Program (including breach of these
Terms), you agree that your exclusive remedy is to recover, from Esusu or any affiliates, resellers,
distributors, third-party providers, and vendors, direct damages up to $100.00. You can’t recover any
other damages or losses, including direct, consequential, lost profits, special, indirect, incidental, or
punitive. These limitations and exclusions apply even if this remedy doesn’t fully compensate you for
any losses or fails of its essential purpose or if we knew or should have known about the possibility of
the damages. To the maximum extent permitted by law, these limitations and exclusions apply to
anything or any claims related to these Terms and the Program.

If a dispute arises in connection with these Terms, you and Esusu agree to make good faith efforts to
resolve it informally for 60 days. If such efforts are unsuccessful, you and Esusu agree to binding
individual arbitration before the American Arbitration Association (‘AAA’) under the Federal Arbitration
Act (‘FAA’), and not to sue in court in front of a judge or jury. Instead, a neutral arbitrator will decide
and the arbitrator’s decision will be final except for a limited right of review under the FAA. Class action
lawsuits, class-wide arbitrations, private attorney-general actions, and any other proceeding where
someone acts in a representative capacity aren’t allowed. Nor is combining individual proceedings
without the consent of all parties.

  • The AAA rules will govern payment of filing fees and the AAA’s and arbitrator’s fees and
    expenses.
  • These Terms govern to the extent they conflict with the AAA’s Rules.
  • You and Esusu agree to file any claim or dispute in arbitration within one year from when it first
    could be filed. Otherwise, it’s permanently barred.
  • If the class action waiver is found to be illegal or unenforceable as to all or some parts of a
    dispute, then those parts won’t be arbitrated but will proceed in court, with the rest proceeding
    in arbitration. If any other provision of this section is found to be illegal or unenforceable, that
    provision will be severed but the rest of this section still applies.

The laws of the State of Delaware govern all claims, regardless of conflict of laws principles, except that the Federal Arbitration Act governs all provisions relating to arbitration. You and Esusu irrevocably consent to the exclusive jurisdiction and venue of the state or federal courts in New York County, New York for all disputes arising out of or relating to these Terms or the Program.

These Terms make up the entire agreement between you and Esusu for your participation in the Program. It supersedes any prior agreements between you and Esusu regarding your participation in the Program. All parts of these Terms apply to the maximum extent permitted by relevant law. If a court or arbitrator holds that we can’t enforce a part of these Terms as written, we may replace those terms with similar terms to the extent enforceable under the relevant law, but the rest of these Terms won’t change.

Thank you for helping keep Esusu and the personal data of our employees and customers safe.