BUG BOUNTY POLICY

Our company welcomes security researchers to responsibly research our platform with the goal of making it safer for our customers. We offer recognitions and rewards for the discovery of eligible vulnerabilities in accordance with this policy.

If you think you have found a vulnerability in airSlate’s platforms, integrations, or client libraries, please submit a vulnerability report to us as soon as possible by emailing security_report@airslate.com

Only reports that meet all of the following requirements are eligible to receive a monetary reward:

To submit a vulnerability report, please provide as much evidence as possible, including but not limited to: reproduction steps, screenshots, account information and any other details that would allow us to verify your vulnerability. By submitting a report, you are indicating that you have read, understand, and agree to the terms of this policy.

PROGRAM RULES

Please allow us at least 5 (five) business days to confirm the receipt of your vulnerability. An eligible report will be reviewed and responded to within a commercially reasonable time. We reserve the right not to provide any substantive response to any reports which we deem to be outside the scope of this policy or that we find abusive or redundant. The decision as to whether your report is eligible for this program and what reward, if any, is due will be made by us in our sole discretion, and such decision is final and non-appealable. Although we may choose to share information with you, please understand that you do not have the right to be notified of the reason why your report was accepted or rejected or of any follow-up or other information related to your report or the vulnerability you reported. As part of your compliance with this policy, upon request, and in any case as a condition to receiving a reward hereunder, you agree to sign a non-disclosure agreement acceptable to airSlate in its sole discretion. We do not permit any person or entity to engage in any security research or vulnerability or threat disclosure activity that is inconsistent with this policy or the law.

We may modify the terms of this policy or terminate the policy at any time.

IN-SCOPE VULNERABILITIES

This policy covers vulnerabilities found in the websites, applications, and systems owned by airSlate and its affiliates, including the following websites:

Without limiting our discretion as set forth in this policy, the following are some examples of vulnerabilities that may be within the scope of this policy with the respective estimated levels of severity.

OUT-OF-SCOPE

Although we welcome feedback on anything you may perceive as a vulnerability, no reward will be paid for any vulnerability that does not meet all the eligibility requirements of this policy. The following is a non-exclusive list of vulnerabilities which are not eligible for reward under this Program:

GOOD REPORTS

A good report under this policy would normally include the following:

BAD REPORTS

The following reports are most likely to be dismissed or not eligible for reward.

FEEDBACK

If you have any questions, suggestions, or feedback, please contact us at security_report@airslate.com

Thank you for helping us keep airSlate and our users safe.