Reporting
Email reports to support@qtilabs.com with the subject StatusDeck Security Report.
Include
- Description of the suspected vulnerability
- Affected component or page
- Reproduction steps
- Potential impact
- Proof of concept that does not expose customer data
- Your contact details and preferred disclosure timeline
Safe-harbour expectations
Good-faith research should avoid privacy violations, data destruction, persistence, denial of service, social engineering, automated high-volume scanning, access to unrelated customer data and public disclosure before remediation.
Our process
- Acknowledge receipt.
- Triage severity and reproducibility.
- Investigate and contain where necessary.
- Develop and validate remediation.
- Coordinate notifications and disclosure.
- Conduct post-incident review where appropriate.
Not a bug bounty
This policy does not create a paid bug-bounty programme or guarantee compensation. Any recognition or reward is at QTI Labs' sole discretion.
Effective date: upon first public availability of StatusDeck on the Atlassian Marketplace. Review at least annually and after material product, scope, storage, subprocessor, security or legal changes.