Responsible Disclosure

Last updated: 7th January 2021

Reporting Guidelines

  • Reach out to [email protected], if you have found any potential vulnerability in our products meeting all the below mentioned criteria. You can expect a confirmation from our security team in about 72 hours of submission.
  • Please refrain from doing security testing in existing user accounts.
  • When conducting security testing, make sure not to violate our privacy policies, modify/delete unauthenticated user data, disrupt production servers, or to degrade user experience.
  • You’re allowed to disclose the discovered vulnerabilities only to [email protected].
  • Documenting any potential In/Out of scope vulnerability to the public is against our responsible disclosure policy.

Qualifying Security Bugs

  • All bugs that are reported are qualified based on its impact on customer’s production data.
  • We will consider other security vulnerabilities if it is making an impact and exploitable with a working non-intrusive POC.

In Scope Domains

Bugs Severity will define the severity of the issue based on the impact and the ease of exploit.

Response Time

Response typeTime
AcknowledgementWithin 72 hours
Time taken to resolveBased on the Severity

Hall of Fame

We would like to thank the people listed here who have identified and responsibly disclosed security vulnerabilities with .