Vulnerability Disclosure Policy

At Superleap CRM, we are committed to safeguarding our systems data with the highest standards of security and compliance. We value input from the community, and if you’ve discovered a vulnerability, we appreciate your help disclosing it to us.

We prioritize the security and privacy of our users, and the disclosure of security vulnerabilities is crucial in achieving this. To ensure the security and privacy of both researchers and our users, we require all potential submissions to adhere to the following guidelines.

Guidelines

We require that all researchers:

• Make every effort to avoid privacy violations, degradation of our user's experience, disruption to production systems, and destruction of data during security testing
• Perform research only within the scope set out below
• Use the identified communication channels to disclose vulnerability information to us
• Keep information about any vulnerabilities you've discovered confidential between yourself and us until we've had 90 days to resolve the issue

Safe Harbor

If you follow these guidelines when reporting an issue to us, we commit to:

• Not pursue or support any legal action related to your research
• Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 72 hours of submission)

Within scope

The following services are within the scope of this disclosure program:

• app.superleap.com

Outside of scope

Any services hosted by third-party providers are excluded from the scope.

Rewards

For all submissions that are in scope and new, Superleap CRM will provide monetary rewards based on the severity of the vulnerability. Our security team will determine the final reward amount based on the impact and exploitability of the reported vulnerability.

How to report a security vulnerability?

If you believe you've found a security vulnerability in one of our products or platforms that is within the bounds of this program, please email us at contact@superleap.com