Responsible Disclosure Policy
Iterable believes in keeping its customer data secure and private. As a company, we have a vested interest in creating a web app that keeps the data of our valued customers safe. Security is a business priority for us, and our way of demonstrating that priority is by ensuring that our Responsible Disclosure Policy allows the research community an opportunity to notify us of security threats that may impact the safety of our customers.
Iterable will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate and fix vulnerabilities in accordance with our commitment to security and privacy. We shall not take legal action against or suspend or terminate the accounts of those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. Iterable reserves all legal rights in the event of any non-compliance.
How to Disclose
- Do not utilise an exploit to view data without authorisation or compromise confidentiality or availability.
- Do not engage in or perform any attacks that could harm the availability, integrity or confidentiality of our service.
- Do not engage in social engineering against Iterable employees, customers or infrastructure.
- Do not engage in acts of intimidation or extortion.
- When in doubt, please email email@example.com to discuss.
Do provide sufficient information to reproduce the problem, so we can resolve it as quickly as possible. Please fill out the form at the bottom of the page so we can receive and review your submission.
Do not disclose confidential information, including details on your submission, without prior and explicit consent from Iterable.
Response and Recognition
We will investigate any details you provide and respond as soon as possible, usually within one to three business days. To acknowledge the first person who alerts us to previously unknown vulnerabilities, we will show our gratitude by placing their name in the Acknowledgements list below (unless you desire otherwise). We do not offer a public bug bounty programme, and compensation requests will not be considered in compliance with this Responsible Disclosure Policy.
If you have any questions regarding this Responsible Disclosure Policy, please do not hesitate to contact us by sending an email to firstname.lastname@example.org.
We would like to acknowledge the following individuals for responsibly notifying us of vulnerabilities they discovered on our site.
• Khizar Ul Haq(NCCS-Neduet)
• Pethuraj M ( https://www.pethuraj.in )
• Mahendra Purbia (Whit3h4t) RJ30 bug hunter ( https://www.linkedin.com/in/mahendra-purbia-185b44186 )
Issues Submission Form