RESPONSIBLE DISCLOSURE POLICY

Effective date: Dec 13, 2019

SalesHandy takes the security of its systems seriously and values the security community. The responsible disclosure of security vulnerabilities helps SalesHandy in ensuring the security and privacy of its users.

Disclosure Policy

We ask that you do not share or publicize an unresolved vulnerability with/to third parties. If you submit a vulnerability report, the SalesHandy security team and associated development teams will use reasonable efforts to investigate all legitimate reports and do our best to quickly fix the problem.

When conducting security testing, make sure not to violate our privacy policies, modify/delete unauthenticated user data, disrupt production servers, or to degrade the user experience.

Scope

SalesHandy product scope limits to,

  • saleshandy.com
  • app.saleshandy.com

Qualifying Security Bugs

All bugs that are reported are qualified based on its impact on customer’s production data.
We will consider other security vulnerabilities if it is making an impact and exploitable with a working non-intrusive POC.

How to report a security vulnerability?

If you believe you’ve found a security vulnerability in SalesHandy then please send it to us by emailing security@saleshandy.com. Please include the following details with your report:
Description of the location and potential impact of the vulnerability;
A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures are all helpful to us);

Hall of Fame

At SalesHandy, we use our Hall of Fame program to recognize people who have responsibly shared one or more security vulnerabilities, enabling us to serve our customers better.

  • Muhammad Hammad
  • Anderson Mcckay
  • Tayyab Sial
  • Muhammad Asad