Vulnerability Disclosure

Security is critical to how Addresscloud operates.

We welcome the responsible disclosure of security vulnerabilities and appreciate the role security researchers play in helping us protect our customers, systems, and services.

Scope

This policy applies to vulnerabilities identified in systems, applications, or services owned and operated by Addresscloud.

Third party services or providers not controlled by Addresscloud are outside the scope of this policy.

Reporting a Vulnerability

If you believe you have identified a security vulnerability, please report it to:  vulnerability@addresscloud.com

To help us investigate efficiently, please include where possible:

  • a description of the issue

  • steps to reproduce the vulnerability

  • affected systems, applications, or endpoints

  • supporting information such as screenshots or logs

  • the potential impact of the issue

Please avoid sharing sensitive personal data unless absolutely necessary.

Our Commitment

When a report is submitted in good faith, Addresscloud will:

  • acknowledge receipt promptly

  • investigate and validate the issue

  • work to remediate confirmed vulnerabilities in a timely manner

  • treat reports responsibly and confidentially where appropriate

Responsible Disclosure Guidelines

We ask that researchers:

  • act responsibly and ethically
  • avoid accessing, modifying, or retaining data that is not their own

  • do not exploit vulnerabilities beyond what is necessary to demonstrate them

  • do not disrupt or degrade services or systems

  • avoid social engineering, phishing, or denial of service activity

  • keep findings confidential until the issue has been resolved by Addresscloud

Good Faith Research

Addresscloud supports responsible security research conducted in good faith and in accordance with this policy.