Vulnerability Disclosure

Atly Apps strives to build quality software while rigorously safeguarding the privacy of our users and their data. We build security into all our products and follow security best practices wherever possible.

If you believe that you have found a security vulnerability in software provided by Atly Apps, please report it to security@atly.io. In your report, please include:

  • The URL where the potential vulnerability was observed (if applicable)
  • An explanation of the potential vulnerability, including reproduction steps and any preconditions
  • Proof-of-concept code (if applicable)

Out of scope

The following types of reports are considered out of scope due to their limited impact or because they are already known:

  • Unreviewed reports from automated vulnerability scanners
  • Self-exploitation (such as self-XSS)
  • Disclosure of known public files or directories, such as robots.txt
  • Missing security headers (such as X-Frame-Options or X-XSS-Protection)
  • Vulnerabilities that rely on outdated or unpatched browsers (supported browser versions can be found here)

Recognition

Please note that we do not compensate individuals or organisations for identifying potential or confirmed security vulnerabilities.

We appreciate the efforts of security researchers helping to make our products safer and more secure for our users.