At Recruitee we take data security seriously and strive to ensure a secure experience when people are using our products. When properly reported, we will investigate all legitimate reports of security vulnerabilities and address identified problems if appropriate. We have adopted a vulnerability disclosure program to encourage reporting of security vulnerabilities.
Rules of our program
- Share the security issue with us without making it public at any point. Including, but not limited to, not making it public on social media, message boards, mailing lists and other forums.
- Do not engage in security research that involves:
- Potential or actual damage to users, businesses, people, systems, data or applications.
- Violation of privacy rights or confidentiality of data.
- Social engineering (including, but not limited to, phishing).
- Disrupting or interrupting our services.
- Port scans on our networks or executing DDoS attacks.
If you comply with the rules of our program we will not bring any lawsuit against you or ask law enforcement to investigate you, unless we have reason to believe that you did not act in good faith.
Bug bounties / Rewards
We do not offer bug bounties or rewards.
How to disclose vulnerabilities
You can send the vulnerability that you want to disclose to firstname.lastname@example.org. Please answer the following questions in your email:
- What type of vulnerability is it?
- What are the steps to reproduce the vulnerability?
- Who would be able to use the vulnerability and what would they gain from it?
Feel free to include attachments:
What you can expect from Recruitee
We will respond to your email within two weeks and give you updates on the status of the vulnerability