Supernormal is committed to the safety and security of our customers’ data. We make every effort to ensure their data remains safe. We encourage responsible disclosure and appreciate your assistance in keeping our application secure. The following describes the steps you may take to disclose an issue to our team.
Before reporting, ensure you have discovered a legitimate vulnerability and not a false positive. Conduct thorough testing and gather enough evidence to demonstrate the vulnerability's impact. If you have discovered an issue, please send an email to security@supernormal.com with the following details:
Our team will investigate the issue as soon as we receive your report. We will keep you updated on the progress and may reach out for further details if needed. Once the issue is resolved, we will update our customers.
Supernormal will compensate you for reports of any valid vulnerabilities with a CVSS score of 4 or higher.
Our vulnerability disclosure program focuses on our primary web application and API. This includes potential vulnerabilities in the application's source code, configurations, server infrastructure, and associated services.
Out of scope:
In scope:
To encourage responsible disclosure, we offer a safe harbor policy. This means that, provided you adhere to the guidelines outlined in this document, we will not initiate any legal action against you regarding your research activities. We also commit to work with you in a timely manner to address and resolve reported vulnerabilities.
However, please note that we expect you to act ethically and responsibly, respecting user privacy, avoiding any unauthorized access to data, and refraining from any destructive actions or disruptions to our services.