Report a Security Vulnerability
To report a security or privacy vulnerability in any of Oura’s products, websites, or services, please email firstname.lastname@example.org.
Helpful information to include:
- Device type, operating system, browser, and/or app version
- Screenshots or video of the security bug
- Description of the vulnerability, or steps to recreate the behavior
You can also email email@example.com to report phishing attempts.
Occasionally, people will create fake emails or websites designed to imitate Oura. These sites or domains can be used to attempt to steal personal information, such as bank account information or passwords. This is often called phishing and is something we as an organization take very seriously.
If you receive an email or are directed to a website that looks like Oura but asks for confidential information, we advise you to exercise caution.
How To Identify Fraudulent Emails and Websites
Check for Official Oura Domains
Fraudulent emails often come from domains that may appear similar, such as @ouraringmedia. But legitimate emails from Oura will only come from the following domains:
If the email you've received was not sent from one of these domains, it's not from Oura.
Please note, the email address firstname.lastname@example.org is in fact a legitimate email address of Oura. If you've recently received a personalized offer from this address, you are safe to engage with it!
Check for Legitimate Links
Illicit emails can contain links to fake Oura web pages that try to steal your information. Don’t click on links in any emails you’re unsure of.
If you click a link that takes you to a page that looks like Oura but doesn’t start with this address, it’s a fraudulent page and you should close it immediately.
Check the Website Address
Pay particular attention to misspellings of Oura's name. If Oura is misspelled in the website address, the website is fake.
Check for a Lock Icon in Your Browser
You can tell if a website is secure by looking for a lock icon in your browser’s address bar. All of Oura's websites will have this icon. If this icon isn't in the address bar, your connection to the website isn’t secure. Don't enter any personal information if you don't see this lock icon.
Another way to identify if the site is secure is if the URL includes "https" and not "http".
Be Wary of Manipulative or Threatening Tones
Fraudulent emails and websites often contain urgent tones and threaten account suspension, or show a delayed payout if you don't click a link or provide certain information immediately. Avoid submitting information or clicking pop-ups if you're unsure of the source.
If you believe you've been targeted by a phishing scheme imitating Oura, please contact email@example.com. Our team will review your request and advise you on whether or not further action is needed.
Thank you for helping keep the Oura community safe and secure!