Zynga is dedicated to providing a safe and fair gaming environment for our players. If you believe you’ve found a security vulnerability or game logic bug (each, a “Vulnerability”) in our applications or services (our “Services”) that could adversely affect Zynga or our players, or give an unfair advantage when abused, please privately let us know by submitting a security vulnerability report (a “Report”) through our Responsible Disclosure Program (the “RDP”) as described below. Due to the sensitive nature of all Vulnerabilities, we require that you keep all information about Vulnerabilities strictly confidential and protect all such information from unauthorized disclosure. By submitting a Report as described below, you are agreeing to the terms on this web page. We may modify the terms of our RDP or terminate the RDP at any time. If you need support with any other in-game issues, please contact Zynga Customer Support.

Researching Vulnerabilities

We encourage you to responsibly research our Services for Vulnerabilities. You may set up secondary test accounts to conduct security assessments of our Services provided such accounts remain under your sole control and are used for security research purposes only.

You shall not:

• Attempt to perform malicious data destruction attacks against Zynga’s or Zynga Customer’s data or Zynga’s Services
•  Violate a person’s privacy in conducting your research
• Perform any network volumetrics attacks that adversely affect the reliability of Zynga’s Services, including but not limited to, DoS and DdoS
• Take any action in violation of applicable laws

Submitting Reports

You may submit a Report using the submission form below or you may contact our security organization by emailing Zynga Product Security to provide the vulnerability information directly. If possible, we will authenticate the fix before it is published.

By submitting a Report or any other information to us, you are granting Zynga an irrevocable, perpetual, worldwide, and royalty-free license to use, create derivatives of, disclose, sell, transfer, sublicense, or modify any such Report of information for any purpose.