Vulnerability Disclosure
Promise
At LeadMagnets.io, we are committed to ensuring the security of our users by safeguarding their information. This policy provides security researchers with guidelines for responsibly discovering and reporting vulnerabilities. It outlines which systems are covered, how to report findings, and our expectations regarding public disclosure timelines. We encourage you to report potential vulnerabilities, and we are dedicated to addressing and resolving them promptly.
Safe Harbor
If you conduct your security research in good faith and adhere to this policy, we consider your research authorized. We will work with you to resolve the vulnerability swiftly, and LeadMagnets.io will not pursue legal action. Should a third party initiate legal action against you for actions conducted in accordance with this policy, we will make this authorization known.
Guidelines
We ask that researchers adhere to the following guidelines when testing and reporting vulnerabilities:
- Notify us promptly after discovering a real or potential vulnerability.
- Avoid privacy violations, degradation of user experience, system disruptions, and data destruction or manipulation.
- Use exploits only to the extent necessary to confirm the presence of a vulnerability. Do not use an exploit to compromise or extract data or maintain command line access.
- Allow us sufficient time to address and fix the issue before disclosing it publicly.
- Refrain from submitting low-quality reports or duplicates.
- If sensitive data is accessed (e.g., personally identifiable information, financial details, or proprietary data), stop testing immediately, report the issue, and do not disclose any accessed data.
Test Methods
The following types of testing are not authorized:
- Network denial of service (DoS or DDoS) attacks or any action that degrades or damages systems or data.
- Physical security testing (e.g., office access, tailgating) or social engineering (e.g., phishing).
- Any non-technical testing (e.g., manipulation of hardware or software configurations).
Scope
This policy applies to the following systems and services:
- app.leadmagnets.io
Systems outside of the LeadMagnets.io domain or our customers’ systems are not in scope. If you discover vulnerabilities in third-party services or vendor products, please report them directly to the respective vendor.
Reporting a Vulnerability
Please report vulnerabilities by emailing us at support@leadmagnets.io. Reports may be submitted anonymously. When you share contact information, we will acknowledge your report within 3 business days and keep you informed throughout the process. By submitting a report, you acknowledge that you have no expectation of payment and that you waive any future payment claims related to your submission.
What We Expect from You
To help us prioritize and address your submission, we recommend including:
- A clear description of the vulnerability, its location, and the potential impact.
- Detailed steps for reproducing the issue, including proof-of-concept scripts or screenshots, if applicable.
- Reports in English, if possible.
What You Can Expect from Us
If you provide contact information, we commit to:
- Acknowledging your report within 3 business days.
- Working transparently to confirm the vulnerability and share remediation efforts.
- Keeping an open line of communication until the issue is resolved.
Questions
If you have any questions about this policy or suggestions for improvement, feel free to contact us at support@leadmagnets.io.
At LeadMagnets.io, we are committed to ensuring the security of our users by safeguarding their information. This policy provides security researchers with guidelines for responsibly discovering and reporting vulnerabilities. It outlines which systems are covered, how to report findings, and our expectations regarding public disclosure timelines. We encourage you to report potential vulnerabilities, and we are dedicated to addressing and resolving them promptly.
Safe Harbor
If you conduct your security research in good faith and adhere to this policy, we consider your research authorized. We will work with you to resolve the vulnerability swiftly, and LeadMagnets.io will not pursue legal action. Should a third party initiate legal action against you for actions conducted in accordance with this policy, we will make this authorization known.
Guidelines
We ask that researchers adhere to the following guidelines when testing and reporting vulnerabilities:
- Notify us promptly after discovering a real or potential vulnerability.
- Avoid privacy violations, degradation of user experience, system disruptions, and data destruction or manipulation.
- Use exploits only to the extent necessary to confirm the presence of a vulnerability. Do not use an exploit to compromise or extract data or maintain command line access.
- Allow us sufficient time to address and fix the issue before disclosing it publicly.
- Refrain from submitting low-quality reports or duplicates.
- If sensitive data is accessed (e.g., personally identifiable information, financial details, or proprietary data), stop testing immediately, report the issue, and do not disclose any accessed data.
Test Methods
The following types of testing are not authorized:
- Network denial of service (DoS or DDoS) attacks or any action that degrades or damages systems or data.
- Physical security testing (e.g., office access, tailgating) or social engineering (e.g., phishing).
- Any non-technical testing (e.g., manipulation of hardware or software configurations).
Scope
This policy applies to the following systems and services:
- app.leadmagnets.io
Systems outside of the LeadMagnets.io domain or our customers’ systems are not in scope. If you discover vulnerabilities in third-party services or vendor products, please report them directly to the respective vendor.
Reporting a Vulnerability
Please report vulnerabilities by emailing us at support@leadmagnets.io. Reports may be submitted anonymously. When you share contact information, we will acknowledge your report within 3 business days and keep you informed throughout the process. By submitting a report, you acknowledge that you have no expectation of payment and that you waive any future payment claims related to your submission.
What We Expect from You
To help us prioritize and address your submission, we recommend including:
- A clear description of the vulnerability, its location, and the potential impact.
- Detailed steps for reproducing the issue, including proof-of-concept scripts or screenshots, if applicable.
- Reports in English, if possible.
What You Can Expect from Us
If you provide contact information, we commit to:
- Acknowledging your report within 3 business days.
- Working transparently to confirm the vulnerability and share remediation efforts.
- Keeping an open line of communication until the issue is resolved.
Questions
If you have any questions about this policy or suggestions for improvement, feel free to contact us at support@leadmagnets.io.