Security
From Roll20 Wiki
Roll20 employs industry-best 256-bit SSL encryption to help protect your data and your privacy. We also have security measures in place to keep others out of your campaign data unless you specifically invite them in, encrypt our backups, and more. Our goal is to provide you with the peace of mind to know that your games are safe while in our hands.
Reporting Vulnerabilities
That said, we're not perfect, and we know there will be bugs and things we haven't thought of. If you've found an exploit or vulnerability in Roll20, please report it to us as soon as possible at team+security@roll20.net. We would appreciate a 7-day (or longer) period to deal with any issues before they are revealed publicly, should you choose to do so. In addition, while we can't offer cash bounties for reports, we have been known to give free Mentor accounts to folks who report vulnerabilities to us in a responsible manner.