Submit a request

Brightidea Incorporated Vulnerability Disclosure Policy

Follow
Print Friendly and PDF

 

Brightidea Incorporated is committed to protecting the security and privacy of our customers. We welcome reports of potential security vulnerabilities from the research community, customers, and the public, and we are committed to investigating and addressing valid issues in a timely manner.

 

1. Scope
This policy applies to the following services:

  • All public-facing applications and services hosted under *.brightidea.com

  • Our web and mobile applications

  • Public APIs and integrations

This policy does not apply to third-party applications or services that we do not control.

 

2. Reporting a Vulnerability
If you believe you have discovered a vulnerability, please submit your report to: support@brightidea.com

Your report should include:

  • A detailed description of the vulnerability

  • Steps to reproduce the issue (screenshots, logs, tools used)

  • Potential impact or exploitability

  • Your contact information (optional if anonymity is preferred)

3. Safe Harbor

We will not pursue legal action against individuals who:

  • Engage in good-faith testing within the scope of this policy

  • Avoid privacy violations, data destruction, or service disruption

  • Do not access or alter user data not belonging to them

We consider your research to be authorized, and we will work with you to understand and resolve the issue.

 

4. Our Commitment

We will:

  • Acknowledge your report within 5 business days

  • Provide status updates as we investigate and remediate

  • Coordinate disclosure timelines with you if public disclosure is considered

  • Credit you publicly (if desired) for your responsible disclosure

 

5. Exclusions

The following are not considered in scope for this policy:

  • Social engineering or phishing attacks

  • Physical security vulnerabilities

  • Denial of Service (DoS/DDoS) attacks or stress tests

  • Automated vulnerability scanners or brute-force tools

Please avoid using techniques that could cause harm to systems or data.

 

6. Recognition

While we do not currently offer a formal bug bounty program, we recognize and appreciate the efforts of the security community. With your permission, we may publicly acknowledge valid contributions.

7. Updates

We may update this policy from time to time.

 

Thank you for helping us keep our services safe.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments