Wingback Vulnerability Disclosure Policy
At Wingback, we take the security of our systems and data seriously and appreciate the efforts of security researchers to help us maintain a secure environment. If you believe you've found a security issue, please follow the guidelines below to report it.
Contact Information
Please report vulnerabilities by emailing us at [email protected]. We aim to respond within 2 working days.
Scope
The following domains are in scope for this policy:
- wingback.com
- api.wingback.com
- app.wingback.com
- billing.wingback.com
- js.wingback.com
Guidelines
- Avoid Violations: Please do not perform any actions that may disrupt our service or put data at risk, including denial-of-service attacks, unauthorized access to data, or physical attempts to breach security.
- User Privacy: Do not attempt to access or modify data that does not belong to you. Only interact with your own accounts and information.
- Responsible Disclosure: Please refrain from publicly disclosing any information about the vulnerability until we have confirmed and resolved it.
- Service Impact: Wingback handles critical and sensitive information, so please act with care. If your research requires deeper testing, reach out to us, and we can provide access to a test environment.
When reporting a vulnerability, please include:
- Detailed Report: A clear description of the issue, including any steps to reproduce it.
- Proof of Concept: While not required, a proof of concept (e.g., screenshots or code) is desirable to help us understand the issue.
Acknowledgment
We appreciate your efforts to improve our security. If you report a valid vulnerability, we will recognize your contribution by publishing your name on our Thank You page. While we generally do not offer monetary rewards, we may consider compensation for exceptional findings.
Legal Safe Harbor
We follow the Gold Standard Safe Harbor principles for Good Faith Security Research.
Good Faith Security Research is conducted when you:
- Access our systems with the sole purpose of identifying and reporting security vulnerabilities
- Take reasonable precautions to avoid harm to our systems, data, and users
- Use findings only to help improve our security
- Follow our reporting guidelines and respect our users' privacy
This means:
- We will not take legal action against you if you identify vulnerabilities in good faith and comply with this policy.
- We will waive any relevant restrictions in our Terms of Service or Acceptable Use Policies that conflict with Good Faith Security Research as outlined in this policy.
- We will make known that you conducted Good Faith Security Research if third parties bring legal action against you.
For more details, please refer to the full Gold Standard Safe Harbor statement here.