Our commitment

We take the security and privacy of our users and their data seriously, and we value the security community. Responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users.

Reporting security vulnerabilities

If you believe you’ve found a security vulnerability in our software please email it to security@simpleinnovation.us. It will be very helpful for all concerned if you include the following details in your email submission:

  • Description of the location and potential impact of the vulnerability;

  • Steps required to reproduce the vulnerability (scripts, screenshots, and compressed screen captures are all helpful to us)

We will usually respond with an acknowledgement within 96 hours. If you do not receive any response from us the issue may have already been reported or the description provided may not be understandable. We request you to adhere to the principles of responsible disclosure which include, but not limited to:

  • Access and expose customer data that is your own.

  • Avoiding scanning techniques that are likely to cause degradation of service to other customers (e.g. by overloading the apps or associated services).

  • Keep within the guidelines of our Terms Of Service.

  • Keep details of vulnerabilities secret until the SimpleInnovation security team has been notified and has had a reasonable amount of time to fix the vulnerability.

Refrain from public disclosure

Taking into consideration the safety of our users please do not publicize any security vulnerabilities. We expect to fix all security issues within 30 days from the date of the reported issue. Once an issue has been fixed we will explicitly acknowledge this and at that time you are free to publish your work.

Rewards & Recognition

You may receive recognition and/or a reward depending on various factors like :

  • Being the first person to report the previously unknown vulnerability.

  • The severity level of the reported issue.

  • Compliance with our guidelines.

If you prefer to remain anonymous, we encourage you to use a pseudonym when reporting. Thank you for your efforts on behalf of the entire SimpleInnovation team.