Security
Product Security
How to report security issues in Trackd products and the security update support period for Trackd Mount.
Last updated: July 6, 2026
Report a security issue
If you believe you have found a security vulnerability in a Trackd product, app, website, firmware, Bluetooth service, or connected system, contact Trackd at security@trackdsport.com. If that mailbox is unavailable, contact trackd@trackdsport.com and include Security Report in the subject line.
Please include enough detail for us to understand and reproduce the issue, such as the affected product, app version, firmware version, device model, steps to reproduce, potential impact, and your preferred contact details.
How Trackd handles reports
Trackd will review security reports in good faith, acknowledge reports where contact details are provided, assess severity, and provide status updates as the issue is investigated and resolved.
We ask researchers not to access, modify, delete, or disclose another person's data, disrupt Trackd services, or publicly disclose a vulnerability before Trackd has had a reasonable opportunity to investigate and deploy a fix.
Security update support period
Trackd Mount devices first supplied in the July 2026 launch batch will receive security updates until at least 31 July 2029.
Trackd may extend this support period, but will not shorten the published end date for devices already supplied. Security updates may be delivered through the Trackd app, firmware updates over Bluetooth, or another update channel Trackd makes available.
Product security commitments
Trackd designs production Trackd Mount firmware to avoid universal default passwords, to use per-device or user-established Bluetooth credentials, and to accept only authorised firmware updates.
Trackd Mount is designed so the phone app handles account and cloud communication. The mount should not contain a shared long-lived cloud API secret. Production firmware builds are intended to restrict debug access and protect firmware integrity.