Learn about EnjoyHQ's Responsible Disclosure Policy. When a potential security vulnerability is reported, it is handled with the highest priority until properly addressed. |
This article applies to: EnjoyHQ
On this page:
Reporting security vulnerabilities
- If you believe that you have found a security vulnerability on EnjoyHQ, we encourage you to let us know right away.
- We will investigate all legitimate reports and do our best to quickly fix the problem.
- Before reporting the issue, please review this page, including our Responsible Disclosure Policy.
Responsible Disclosure policy
EnjoyHQ aims to keep its service safe for everyone, and data security is of the utmost priority. If you are a security researcher and have discovered a security vulnerability in the service, we appreciate your help in disclosing it to us responsibly.
Your findings must fit the criteria below:
- A serious vulnerability (and not just a zero- or low-risk XSS)
- Discovered during routine use of the service as an actual user and not via an unauthorized pen test or an automatic scan
- Applicable to the web application only located at https://app.enjoyhq.com, and not the following domains:
- Marketing site: https://getenjoyhq.com
- Documentation site https://documentation.getenjoyhq.com
- Any other sub-domains of either getenjoyhq.com or enjoyhq.com
Reporting
- Email EnjoyHQ's Security Team using this address: security@getenjoyhq.com
- Include the following details in your email:
- Vulnerability details with information to allow us to efficiently reproduce your steps
- Your name & email address
- Important: Please do not publicly disclose these details without express written consent from EnjoyHQ.
Our Commitment
If you identify a verified security vulnerability in compliance with this Responsible Disclosure Policy, EnjoyHQ commits to:
- Promptly (within 5 business days) acknowledge receipt of your vulnerability report
- Provide an estimated timetable for resolution of the vulnerability if the vulnerability is accepted
- Notify you when the vulnerability is fixed
- Publicly acknowledge your responsible disclosure
Related content
|
|
Want to learn more? Check out these Knowledge Base articles... |
Interested in growing your skills? Check out our University courses... |
|
|
Need hands-on training?
|
Can't find your answer? Reach out to Support or our Professional Services team. |