Iterable believes in keeping its customer data secure and private. As a company, we have the vested interest in creating a web app that keeps the data of our valued customers safe. Security is a business priority for us, and our way of demonstrating that priority is by ensuring that our Responsible Disclosure Policy allows the research community an opportunity to notify us of security threats that may impact the safety of our customers.

Iterable will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate and fix vulnerabilities in accordance with our commitment to security and privacy. We won’t take legal action against or suspend or terminate the accounts of those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. Iterable reserves all legal rights in the event of any non-compliance.

General Guidelines

• Do not utilize an exploit to view data without authorization, or compromise the confidentiality or availability.
• Do not engage or perform any attacks that could harm the availability, integrity or confidentiality of our service.
• Do not engage in social engineering against Iterable employees, customers, or infrastructure.
• Do not engage in acts of intimidation or extortion.
• When in doubt, please email security@iterable.com to discuss.

Reporting Guidelines

Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Please, fill out the form at the bottom of the page so we can intake and review your submission.

Confidentiality

Do not disclose confidential information, including details on your submission, without prior and explicit consent from Iterable.

We will investigate any details you provide and respond as soon as possible, usually one to three business days. To acknowledge the first person who alerts us to previously unknown vulnerabilities, we will show our gratitude by placing their name in the Acknowledgements list below (unless you desire otherwise). We do not offer a public bug bounty program and compensation requests will not be considered in compliance with this Responsible Disclosure Policy.

Questions

If you have any questions regarding this Responsible Disclosure Policy, please do not hesitate to contact us by sending an email to security@iterable.com

We would like to acknowledge the following individuals for responsibly notifying us of vulnerabilities they discovered on our site.
• Khizar Ul Haq(NCCS-Neduet)
• Pethuraj M ( https://www.pethuraj.in )
• Mahendra Purbia (Whit3h4t) RJ30 bug hunter ( https://www.linkedin.com/in/mahendra-purbia-185b44186 )
• Hanz Gumapac (https://hackerone.com/m4ngofloat)