We take security very seriously. If you find a security vulnerability, we ask you to responsibly disclose the details to us.
Reach out to email@example.com or use our vulnerability report page, if you have found any potential vulnerability in our products meeting all the below mentioned criteria. You can expect a confirmation from our security team in about 48 working hours of submission.
Please refrain from doing security testing in existing customers' production accounts.
When conducting security testing, make sure not to violate our privacy policies, modify/delete user data, disrupt production servers, or to degrade user experience.
You’re allowed to disclose the discovered vulnerabilities only to firstname.lastname@example.org or by using our vulnerability report page. Documenting any potential In/Out of scope vulnerability to the public is against our responsible disclosure policy.
If your finding is valid and unique, you may be eligible for a reward.
Out of Scope Vulnerabilities
Clickjacking / UI Redressing attack
Self-XSS and XSS that affects only outdated browsers
Using components of known vulnerability without relevant POC of attack
Host header and banner grabbing issues
Denial of Service attacks and Distributed Denial of Service attacks