
Circles.Life
External Program
Submit bugs directly to this organization


Introduction
Circles.Co is committed to ensuring the security of our customers by protecting their information. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us.
Gold Standard Safe Harbor and Good Faith Security Research
The Gold Standard Safe Harbor supports the protection of organizations and hackers engaged in Good Faith Security Research. “Good Faith Security Research” is accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public. This policy considers Good Faith Security Research as authorized activity protected from adversarial legal action. We waive any relevant restriction in our general terms and conditions, privacy policy and any other relevant policies that conflict with the standard for Good Faith Security Research outlined here.
The security and privacy of our customers’ personal information are of utmost importance to us at Circles.Co. We appreciate the value that security researchers bring in order to improve the security of Circles.Co systems. We are committed to creating a safe, transparent environment to report vulnerabilities.
This means that, for Good Faith Security Research conducted while this program is active, we:
- Will not bring legal action against you or report you for Good Faith Security Research, including for bypassing technological measures we use to protect the applications in scope; and,
- Will take steps to make known that you conducted Good Faith Security Research if someone else brings legal action against you.
You should contact us for clarification before engaging in conduct that you think may be inconsistent with Good Faith Security Research or unaddressed by our policy.
We will investigate all legitimate reports and do our best to work with you to quickly fix the problem. In addition to this policy, we ask that you follow HackerOne’s Disclosure Guidelines and make a good-faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research.
Keep in mind that we are not able to authorize security research on third-party infrastructure, and a third party is not bound by this policy.
Guidelines
Under this policy, "Good Faith Security Research" includes activities in which you:
- Notify us as soon as possible after you discover a real or potential security issue.
- Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
- Only use exploits to the extent necessary to confirm a vulnerability's presence. Do not use an exploit to compromise or exfiltrate data, establish persistent command line access, or use the exploit to pivot to other systems.
- Provide us with a reasonable amount of time to resolve the issue before you disclose it publicly.
- Do not submit a high volume of low-quality reports.
Test methods
The following test methods are not authorized:
- Network denial of service (DoS or DDoS) tests or other tests that impair access to or damage a system or data.
- Physical testing (e.g., office access, open doors, tailgating), social engineering (e.g., phishing, vishing), or any other non-technical vulnerability testing.
What we would like to see from you
In order to help us triage and prioritize submissions, we recommend that your reports:
- Describe the location where the vulnerability was discovered and the potential impact of exploitation.
- Offer a detailed description of the steps needed to reproduce the vulnerability (proof of concept scripts or screenshots are helpful).
- Be in English, if possible.
What you can expect from us
When you choose to share your contact information with us, we commit to coordinating with you as openly and as quickly as possible.
Questions
Questions regarding this policy may be sent to [email protected]. We also invite you to contact us with suggestions for improving this policy.
Thank you for helping keep Circles.Co and our users safe!