Security is everybody's business. We pride ourselves on making Cleafy a secure product, but we are aware that no software is ever bug free. As such, there will occasionally be security issues. This policy outlines how we approach security vulnerabilities.
In general we follow the practice of responsible disclosure:
We currently do not have a monetary rewards program for unsolicited security research, nor do we have a bug bounty program in place.
If you have a concern regarding security with Cleafy, or would like to report a security vulnerability, please send an email to security@cleafy.com.
For security vulnerabilities, please include as much information as possible, with full details about how to reproduce and validate the vulnerability, preferably with a proof of concept. If you wish to encrypt your report, please use our PGP key.
Please give us a reasonable amount of time to correct the issue, before making it public.
We will respond to your report within 1 business day.
Last update June 17, 2020