Skip to main content
Apply now

In this policy, references to "Starling Bank", "us", "we" and "our" mean Starling Bank Limited, a company incorporated and registered in England and Wales, with registered company number 09092149 and with registered address at 5th Floor, London Fruit And Wool Exchange, 1 Duval Square, London, E1 6PW.

Responsible Disclosure Policy

It’s important that anybody is able to contact us, quickly and effectively, with security concerns or information pertinent to our customers’ privacy or the confidentiality, integrity or availability of our systems. Therefore we operate a responsible disclosure policy to help security professionals and others alert us swiftly with the minimum of fuss.

If you believe you have identified a vulnerability, please read through the submission terms below and use one of the means below to contact us.

The terms below apply to any website, application or service distributed by or hosted by Starling Bank or served under a domain name owned by Starling Bank.

You can use our email address or technical partner to alert us to:

  • vulnerabilities or breaches in our software or environments which threaten the confidentiality, integrity or availability of our data or our customers' data
  • "copycat" applications or phishing attacks even if they do not originate from Starling Bank sources
  • activity, discussion or data in any public forum which you believe constitutes a threat to Starling Bank or our customers

Responsibilities

At all times act responsibly and in the best interests of Starling Bank and our customers.

  • Do not break the law
  • Do not use social engineering techniques against our customers or staff
  • Do not put any Starling Bank or customer data at risk
  • Do be specific
  • Do provide a detailed and complete submission (masking or encrypting if necessary)
  • Do reference existing vulnerability information where relevant

It is important that we treat your communication as a responsible disclosure and not an attack or extortion. Following these guidelines will help to ensure that. We act decisively on attacks and extortion attempts including reporting them to the police.

How to disclose a security issue to us

Please use the sections below to make your submission.

By emailing or providing a disclosure to us, you agree to the terms of our Privacy Notice and that we can use your submission and its contents to ensure the security, integrity and reliable operation of our technology and business.

If you are uncomfortable sending any of the following content by email, you may mask or redact sensitive content or encrypt data using the PGP key included at the bottom of this page.

Your submission should contain:

  • clear description and evidence of the vulnerability (logs, screenshots, responses)
  • detailed steps to reproduce the issue
  • any platforms, operating systems, versions that are relevant
  • any relevant IP addresses or URLs
  • any supporting evidence you have collected (logging, tracing etc.)
  • your assessment of the exploitability or impact of the issue
  • your name, role (if appropriate) and contact details

Please preserve as much evidence as possible as we may need to examine it.

How we will respond

Our ability to respond quickly and effectively to important communication on this email address is important and therefore we take steps to manage spam and quickly identify the high quality submissions.

We discourage and will not respond to:

  • reports of generic vulnerabilities with no evidence of relevance to our systems
  • reports of any information already in the public domain
  • reports that are vague or non-actionable
  • anonymous reports

We will respond quickly and gratefully if we believe that you are faithfully reporting an issue in line with these terms and in the best interests of Starling Bank and its customers.

Recognition

We do not offer financial reward for submissions but we do believe in public recognition for anyone who helps us to ensure our systems and data are secure. We will not name you without your consent. If a public endorsement is appropriate we will discuss the details with you in advance.

We are actively working to put in place a bug bounty program that will facilitate and regulate financial reward for submissions but we cannot do so at this time.

Confidentiality

You must treat all information about our systems, staff or customers that comes into your possession or that you otherwise become aware of, which is not publicly available, as strictly confidential and not share or otherwise use it for any purpose other than emailing it to us as a submission as described above.

Submit a disclosure

Anyone can report an information security issue using our dedicated email address below.

Send us an email

Submit a technical disclosure

If you have in-depth technical details such as CVSS scoring, CWE references etc, you may prefer to make your submission via our technical form.

Make a disclosure

Other

If you are uncomfortable sending your submission by email, you may mask or redact sensitive content or encrypt data using the PGP key below.

-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBFxJndoBEACqX7laPnNUu3zpfnnZQ8HC3+5JuHEb9nflnS4yW9P2Qvj3
HPBr3iNxVylf5hIpJy/9bfkaGlNifdYPPe+qVGH/2mDohyxxRPP1R7HScMOd
ra/59dQNvH0Jqx+kqeMSsT5oJKVaJuCiFNFjSdoMTmL/tJZ41/DHvLjW0yAJ
NhiQk371cKqo/4M4kNw2J6zXIJvYrjghKP7+mdzK2aA3socLQpmTAbNFFUOm
jr35nGeo4VsL012ogDeIY+/8+VLyZ31CI7devQi7Vrofu9f+P6T5LDGF+T72
Gvx1sxZZ0ytGvSnzRVQOj+NRHOGE3UvB8Cf2JXEql5ECJj1prpicyEEMpUjY
u+6bxPqkyoMpXxI2ODO77fStZtwMukRCd+DYRnnw4kt+CzxaM7/E7pi3vixP
qfftlPjowq+en9bqAQ0igvFeNpvR+EspoZBvmHNWQDYUP2cX7kOrlxB8Ui/S
Y5dQnSJvWHzR0W3N7GlEHYkdH0ZSZxh/3W1/HqLzrk1SaoszJP2G2sTtG2Vf
KSNfRDajoMYPr679l4qiQh1SiQHM0FZX/Q6MgNpEi2b4zpIc46zxaoZqJmtL
XMH0mIUn0CNq/ke/QOb6uUX7ZiktXmsdRmfHSQvBlqD7kxHOWzh2YksQUp7n
f1wG71X/BgtKQ2CpnQtvkKySbxKL/ZfWiz4mxQARAQABzTxSZXNwb25zaWJs
ZSBEaXNjbG9zdXJlIEdQRyBLZXkgPGRpc2Nsb3N1cmVAc3RhcmxpbmdiYW5r
LmNvbT7CwXsEEAEIACUFAlxJndoFCQdnzQAGCwkHCAMCBBUICgIDFgIBAhkB
AhsDAh4BAAoJEFsahmWDGXyhRKcP/AjlaZKXuu1PWpfbOzRpDoAs5vS5CGIi
d/tIIKvLvIbpWqBqv+RGozwPuSckeprEMCTaEdJXc1QLtHP/w7NHkiVYvSS8
2u8ofLWdSHjiWECf5LRvNB6JkF0iQQ9VpadHo4dMi1N/vAoDDQmDcPuIGrl9
gY3ss4lNniIHMfmHje/5HV9iVysb+s1ovI/AmzJdPKFV2ZKtTwxe4GqoOOLF
UfsFhR6E53CUsOuht1HgRpA/TEhOWZiWHORXLgq2qO3JfnXzaeSUOW6npDQf
9jUQNcW2SQ2bJwuZ3rGN2Mfum7eGQqM8Xcet5qbx2QOoCBZgDP/facGddlrq
zVUAq/wUx/br6Yjwt1C+3EZsHURKZD/yQ00QRenmOunbAyhktHNsg9+hcQEm
F9lLy5wXvPGT/IywswQIidhYPFryTtLaBT7yVxkjfTF3P+so1hcUgw/w5bqT
otuIE5PWy2FMnC722ArfePMKLpdvnQujbbGZ+xgbWAqkyayrW+eLdvkXFG/h
gJzVuJbGetX0Z3vsfXCkzvQhejPAzO0bjuOBR3qz988+BYBuLu7dPRr2EtLm
6uVMib2WNZD0uGv+BgQhP2ojljJ17JC/iuQZ+S8YyPu7gQyKTdCGWxqdpxg/
F6IPyiL55b0/6942p4aZWPiUpANW+wnS14oF6wXVuu20knrPdS+ozsFNBFxJ
ndoBEACrpsBZH8rSa00cZTo6kxSAjinOSdvynwjRJN6hNA2mg8pme2RAixRh
0RulrFNXQ8wWn3b7+lA4CyHDfn8gEnXAyxsjubFzdqTCOWZAEEZMzeh0+0b5
soJ40tgbmBO25jMqcFfwwCHjBGQ51TB/+Go/h8nWPeKpQTXh3mkpLACAPM62
CCMYFovj+d/M8Sea1niyDDxWBbWC3KjKGpedJMDgLPlA3YwpkTToheieDQUY
m6HsvyUX7g6aNB0jgHos0J+8S1IrkTO4X6epvFIcnqKiTmouoR46yzRzJd4v
i+eHFI2EwX9DprMeEPpqHioeatwVELt3QAJfoglZaM9BhvJPV5aIhjakw6hS
uKyjekkWqDkLPIGnXDvTik0LmpHX4NVgOYra/Q/9camT3cnqL5meUgmf+E3a
bYzSmLcfmx8+thzGKExVtRy+R4q8iltujISTzHnJEdVrAYK47eU2Oo/n+CUb
/+SqAW2sxxLD1Y2kzwANCv6HXdPzri4eXeLYaQswSWP8e9sFSsQ4J5pdFpZ9
/5QCeR9b1DSjfNqy79xdAQ5jfm7ZxBAV2ny4HpFa1mJPOq6TnKyhwfRmtPAP
WXfGMtkIGtFd9dNIKHsT0FUuVHkAGYwMWoD1E6hzY+tEIa0RuYdhJYuThW+E
ipWztXA6tZbMsVJITtscybV957IYyQARAQABwsFlBBgBCAAPBQJcSZ3aBQkH
Z80AAhsMAAoJEFsahmWDGXyh/u4P/R6EU8gCO8IYp1q/0qfzYOfQuBhHTxet
sgJK4/HDe3A8e5QY/OlAJidzk4zJWLnLfbk6ljbCG1GBxJmfbZ0qz8vdbrat
A9VFSVpdG8YfyOe6U8VD0ZtVgIL4/seXnrAqhbSc6llSZqOCImtXZiiBuOKH
k/mFUsMpBYV3MIfsa7yOFUtiJHfPpnGeCoSV5UbHRlyongDfnzRtwL9yqPdV
ljMmaIvstZ2MJ6SEjbsKMBmbEBi4l91lv7NRTDnDkKPWlSJntuqgOCSjCW2A
O31SqAYSe6b0MrZ+w+ETLtFk2MIYMkv32/4obAwxkG0fmxS4J/Wrvw1UJlgN
p08Nykf2oulNPB5T8oIiIGhUjSjr3dYRNwluRKNoMO722NmOeREpvvRZEZvP
vmiiQiXOj3xt8Gy+yy2MRLpTlzoGI0Cg4n2uZXajoHjCx15HXNeJuzZ8fZJ9
8Ax6jWpRlJUssvtG1P0cQaGTgZlZYjU6t6THH0PV9ypWsCb1rUGFElRRnwrV
N9+/13zOy5ej5y6/8+dpFO2q6RInNQ1C+9gxH+hNrQM4K6bTp2Pbhtegqmyx
M3eX2lltK+jYrQ9Zdpnub57QPV8njJcQBqbSQKG8wKl11l5gxzINjqvLyQMr
kYiYdEWoDRaAAbxn9FJPEHRhQpj4XgzbirwxkaOCGIaJJpno3Ct/
=TXEz
-----END PGP PUBLIC KEY BLOCK-----

Apply for a Starling bank account today and enjoy app-based banking at its best.

Start your application
Help