Vulnerability Disclosure Policy

At GetScale, we understand the vital role that the security research community plays in maintaining the safety and integrity of the internet. In recognition of this, we are committed to working with security researchers to improve our online security and ensure the protection of our users. We encourage responsible security research on our internet-facing assets and are dedicated to reviewing and responding to security vulnerabilities reported to us.

‍Scope
‍This policy applies to any of our internet-facing assets. We welcome security research on these assets and appreciate your efforts to responsibly investigate and report vulnerabilities to us.

‍Reporting a Vulnerability
‍To report a security issue, please contact us at security@getsales.team. We will acknowledge your email within one week. We aim to resolve critical issues within ten business days of disclosure. We request that you provide us with a detailed summary of the vulnerability, including the following information:The specific internet-facing assets affected.A detailed description of the vulnerability and potential impact.Any steps to reproduce the vulnerability (Proof of Concept scripts, screenshots, and compressed screen captures are all helpful to us).

‍Research Guidelines
‍We ask that all security researchers:Avoid accessing, downloading, or modifying data residing in an account that does not belong to you.Avoid executing or attempting to execute any "Denial of Service" attack.Do not post, transmit, upload, link to, send, or store any malicious software.Refrain from exploiting any security issue you discover for any reason. (This includes demonstrating additional risk, such as an attempt to determine the extent of the vulnerability or attempting to extract non-public data.)Conduct testing only within the scope of this policy and respect systems and activities that are out-of-scope.

‍Safe Harbor
‍In line with our commitment to security research and the improvement of our security posture, we provide safe harbor from legal action under the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA) for researchers who:Engage in testing of systems/research in accordance with this policy;Report the vulnerability to us in a timely manner;Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services;Do not exploit a security issue they discover for any reason beyond testing.

‍Disclosure Policy
‍While we aim to address all issues in a timely manner, we request that you do not publicly disclose the details of any vulnerabilities without express consent from us. This allows us to ensure that we have the necessary fixes and mitigations in place to protect our users.We are committed to timely acknowledgment of your report, thorough investigation of the issue, and transparent communication throughout the process. We aim to keep you informed of our progress as we work to resolve the issue.