Responsible disclosure policy

We at Custellence take the security of our users’ data and our systems very seriously and always encourage our users and ethical hackers to report any vulnerabilities they find to us.

If you want to report such a finding, you may send a report to us at [email protected]

The report should include: steps to reproduce, a proof of concept and a suggested mitigation.

After you have sent in your findings, we will get back to you as soon as possible and report any updates directly to you.

Recognition

To acknowledge the first person who alerts us to a security issue, we show our appreciation by offering to include you in the Hall of Fame. For your report to be eligible for the HoF it has to be of medium-critical severity and previously unknown to us.

If your report meets the requirements and you wish to be included in the HoF, please provide us with the name/alias and social media link (Twitter, LinkedIn) that you want to be publicized.

Limitations

The domain in scope is staging.custellence.com.

Out of scope: help.custellence.com and the Intercom widget.

Social engineering and Denial of Service attacks, or any form of attack that could cause interruptions for other users, are not allowed to be performed against Custellence or any of its employees.

When you have found a bug, you should report it immediately and not exploit it further.

You may not perform any attacks that could cause any harm to Custellence or its users or access any data you do not own yourself.

You may not publicly disclose the reported findings until a fix has been released.

Hall of Fame

Custellence is even more secure for our customers thanks to the following people, who helped by reporting security issues to us in line with our disclosure guidelines above. We are very grateful for their assistance.

Version 2 – Valid as of 1st of September 2023