Working on a computer

Report a Security Vulnerability

Our Policy

Paychex encourages researchers to share with our team the details of any suspected vulnerability by submitting the form below. By clicking "Report Vulnerability", you acknowledge you have read, understand, and agree to the guidelines described in this policy for the conduct of security research and disclosure of potential vulnerabilities. Paychex will not take legal action against individuals who discover and report vulnerabilities provided they adhere to these guidelines.

Any information you receive or collect about Paychex, its clients, or their employees during the discovery of a suspected vulnerability must be kept confidential and only used in connection with the Responsible Disclosure Policy. You may not use, disclose, or distribute any such confidential information, including, but not limited to, information regarding your submission and information you obtain when researching Paychex sites, without prior written consent from Paychex.

Scroll Down

To Discover More

Paychex commits to the following:

  • Working with you to understand and validate the suspected vulnerability (a valid email or claim form must be provided).
  • Addressing the vulnerability, if deemed appropriate by Paychex, in a timeframe to be determined by Paychex.

Paychex has partnered with Bugcrowd for the administration of this form. Responses and communication regarding submissions may come from Bugcrowd. This Responsible Disclosure program does not include monetary award or bounty.