Responsible Disclosure Policy

When a potential security vulnerability is reported, it is handled with the highest priority until properly addressed. You can find our responsible disclosure policy below.

Reporting security vulnerabilities and responsible disclosure policy

If you believe that you have found a security vulnerability on EnjoyHQ, we encourage you to let us know straight away. We will investigate all legitimate reports and do our best to quickly fix the problem. Before reporting though, please review this page, including our responsible disclosure policy.

Responsible Disclosure Policy

EnjoyHQ aims to keep its service safe for everyone, and data security is of utmost priority. If you are a security researcher and have discovered a security vulnerability in the service, we appreciate your help in disclosing it to us in a responsible manner.

Your findings must fit the criteria below:

  • serious vulnerability (and not just a zero or low-risk XSS)
  • Discovered during routine use of the service as an actual user – not via an unauthorized pen test or an automatic scan,
  • Applicable to the web application only located at https://app.enjoyhq.com, and not the following domains:
    • marketing site: https://getenjoyhq.com
    • this documentation site https://documentation.getenjoyhq.com
    • any other sub-domains of either getenjoyhq.com or enjoyhq.com
Reporting

Share the details of any suspected vulnerabilities with EnjoyHQ's Security Team by sending using the following e-mail address:

Submit a request - security@getenjoyhq.com

Please do not publicly disclose these details without express written consent from EnjoyHQ. In reporting any suspected vulnerabilities, please include the following information:

  • Vulnerability details with information to allow us to efficiently reproduce your steps
  • Your name & email address
Our Commitment:

If you identify a verified security vulnerability in compliance with this Responsible Disclosure Policy, EnjoyHQ commits to:

  • Promptly (within 5 business days) acknowledge receipt of your vulnerability report
  • Provide an estimated timetable for resolution of the vulnerability if the vulnerability is accepted
  • Notify you when the vulnerability is fixed
  • Publicly acknowledge your responsible disclosure


How Did We Do?


Powered by HelpDocs (opens in a new tab)