Vulnerability Disclosure

Our Commitment

At Dayforce HCM, we prioritize customer trust. We are committed to addressing vulnerabilities and maintaining the security of our platform. We welcome any efforts that help us keep the Dayforce HCM platform secure.

Reporting a Security Vulnerability

We appreciate the efforts of security researchers in helping us keep Dayforce HCM secure. If you believe you've discovered a security vulnerability within Dayforce HCM, please report it to us using the form below. Your input is valuable in making our platform safer for everyone.

 

Guidelines for Reporting Vulnerabilities

To help us resolve issues as quickly as possible, we ask that all security researchers follow these guidelines:

  1. Scope: Only test Dayforce HCM’s publicly available services. Please do not attempt to access or interfere with systems that are not part of this scope.

  2. Responsible Reporting: We ask that you do not exploit the vulnerability or cause any harm to the platform or its users during the testing process.

  3. No Sensitive Data: When submitting a report, please do not include any sensitive data such as user credentials or personal information.

  4. Legal Compliance: Please ensure that your testing does not violate any laws or regulations.

  5. Prohibited Actions: Do not perform actions that may negatively affect Dayforce HCM or its users, such as:

    • Executing or attempting to execute any Denial of Service (DoS) attack.

    • Posting, transmitting, uploading, linking to, sending, or storing any malicious software or files.

    • Testing third-party applications, websites, or services that integrate with or link to Dayforce HCM applications.

  6. No Phishing or Social Engineering: Testing involving phishing, social engineering, or any unauthorized attempts to access user or employee information is not permitted.

  7. Ownership of Reports: By reporting a security bug or vulnerability, you grant us the right to use your report for any purpose related to our security program, including but not limited to disclosure, remediation, and crediting your contribution.

 

By following these guidelines, you help ensure a productive and secure reporting process for everyone.

 

Privacy Policy

To learn more about how Dayforce HCM handles, processes, and safeguards personal data, please refer to our Privacy Policy at https://www.dayforce.com/privacy

 

Last Update

This page was last updated on May 12, 2025. We may update this page periodically to reflect changes in our processes or security measures. Please check back for the most current information. 

Subscribe to our Blog

© 2025 Dayforce