Responsible Disclosure Policy

Iterable believes in keeping its customer data secure and private. As a company, we have the vested interest in creating a web app that keeps the data of our valued customers safe. Security is a business priority for us, and our way of demonstrating that priority is by ensuring that our Responsible Disclosure Policy allows the research community an opportunity to notify us of security threats that may impact the safety of our customers.

Iterable will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate and fix vulnerabilities in accordance with our commitment to security and privacy. We won’t take legal action against or suspend or terminate the accounts of those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. Iterable reserves all legal rights in the event of any non-compliance.


How to Disclosure


General Guidelines

Reporting Guidelines


Do not disclose confidential information, including details on your submission, without prior and explicit consent from Iterable.

Response and Recognition

We will investigate any details you provide and respond as soon as possible, usually one to three business days.

To acknowledge the first person who alerts us to previously unknown vulnerabilities, we will show our gratitude by placing their name in the Acknowledgements list below (unless you desire otherwise).

We do not offer a public bug bounty program and compensation requests will not be considered in compliance with this Responsible Disclosure Policy.


If you have any questions regarding this Responsible Disclosure Policy, please do not hesitate to contact us by sending an email to