Information security is our priority
Rivian is dedicated to a secure and safe relationship with its customers which extends to all technology on Rivian websites, applications, products, or platforms (the "Rivian Products"). Purchase and/or use of the Rivian Products is subject to the General Terms and Conditions ("Rivian Terms") and all users are required to follow those Rivian Terms. We understand that customers or security researchers may identify security vulnerabilities or other issues with our website and products. We encourage anyone who becomes aware of any issues to immediately notify us through the link below.
We will investigate your security vulnerability submission (“Vulnerability Report”) to address any confirmed vulnerabilities as soon as possible. To encourage responsible submission of Vulnerability Report(s), we will not take legal action against you, nor request law enforcement to investigate you, and consider your actions in a Vulnerability Report as “authorized” on the condition that you comply with the guidelines described in the Rivian / HackerOne Vulnerability Disclosure Program.
By disclosing a Vulnerability Report to Rivian, you give Rivian, without charge, royalties or other obligation to you, the right to make, have made, create derivative works, use, and/or share your Vulnerability Report in any way and for any purpose. Please do not provide Rivian with any Vulnerability Report that is subject to a license which requires Rivian to license software, technology, or documentation from a third party. Additionally, any personal information you provide in association with the Vulnerability Report or related communications is subject to the Rivian Data Privacy Notice.
Rivian does not currently sponsor a formal bug bounty program but may recognize and/or reward security researchers for vulnerability reports at Rivian’s discretion. Rivian appreciates the contributions that our community members make to the development of our products.