Skip to main content
Staffify Docs
DocsSecurityVulnerability Disclosure

Vulnerability Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to us confidentially.

How to Report

Send a detailed report to [email protected] including:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact assessment
  • Any supporting evidence (screenshots, logs)

In Scope

  • Authentication and authorization flaws
  • Cross-site scripting (XSS) and injection
  • Data exposure or privacy issues
  • API security vulnerabilities
  • Business logic flaws

Out of Scope

  • Denial of service (DoS/DDoS) attacks
  • Social engineering or phishing
  • Physical security concerns
  • Third-party service vulnerabilities

Response Timeline

  • 24 hours: Acknowledgment of your report
  • 72 hours: Initial assessment and triage
  • Ongoing: Regular updates until resolution
Previous
Incident Response
Next
Compliance
Security - Vulnerability Disclosure