The Forrester Wave™: CCCM


Iterable believes in keeping its customer data secure and private. As a company, we have the vested interest in creating a web app that keeps the data of our valued customers safe. Security is a business priority for us, and our way of demonstrating that priority is by ensuring that our Responsible Disclosure Policy allows the research community an opportunity to notify us of security threats that may impact the safety of our customers.

Iterable will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate and fix vulnerabilities in accordance with our commitment to security and privacy. We won’t take legal action against or suspend or terminate the accounts of those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. Iterable reserves all legal rights in the event of any non-compliance.

How to Disclosure

General Guidelines

  • Do not utilize an exploit to view data without authorization, or compromise the confidentiality or availability.
  • Do not engage or perform any attacks that could harm the availability, integrity or confidentiality of our service.
  • Do not engage in social engineering against Iterable employees, customers, or infrastructure.
  • Do not engage in acts of intimidation or extortion.
  • When in doubt, please email to discuss.

Reporting Guidelines

  • Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.
  • Email findings to


Do not disclose confidential information, including details on your submission, without prior and explicit consent from Iterable.

Response and Recognition

We will investigate any details you provide and respond as soon as possible, usually one to three business days.

To acknowledge the first person who alerts us to previously unknown vulnerabilities, we will show our gratitude by placing their name in the Acknowledgements list below (unless you desire otherwise).

We do not offer a public bug bounty program and compensation requests will not be considered in compliance with this Responsible Disclosure Policy.


If you have any questions regarding this Responsible Disclosure Policy, please do not hesitate to contact us by sending an email to


We would like to acknowledge the following individuals for responsibly notifying us of vulnerabilities they discovered on our site.

  • Khizar Ul Haq(NCCS-Neduet)
  • Pethuraj M ( )
  • Mahendra Purbia (Whit3h4t) RJ30 bug hunter ( )