Introduction
At StyleSeat, the security of our systems and data is a top priority. We value the contributions of the security research community and recognize the importance of a coordinated approach to vulnerability disclosure. If you have discovered a security vulnerability, we encourage you to let us know immediately. We welcome the opportunity to work with you to resolve the issue promptly.
Responsible disclosure guidelines
- Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue may not be marked as triaged.
- Submit one vulnerability per report unless you need to chain vulnerabilities to demonstrate impact.
- When duplicates occur, we only triage the first report received (provided that it can be fully reproduced).
- Multiple vulnerabilities caused by one underlying issue will be treated as one valid report.
- Social engineering (e.g., phishing, vishing, smishing) is prohibited.
- Do not access or attempt to access data that does not belong to you.
- Do not exploit a security issue you discover for any reason. (This includes demonstrating additional risk, such as attempted compromise of sensitive data or probing for additional issues.)
- Do not perform actions that may negatively affect StyleSeat or its users, such as: executing or attempting to execute any "Denial of Service" attack; posting, transmitting, uploading, linking to, sending or storing any malicious software and/or file; or testing third-party applications, websites or services that integrate with or link to StyleSeat applications.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.
- Only interact with accounts you own or with explicit permission of the account holder.
Disclosure Policy
- Please do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization.
- Follow HackerOne's disclosure guidelines.
What do we expect from you?
- Submit your reports in English.
- Always follow our Responsible disclosure guidelines.
- Ensure your report contains the following aspects:
  - Type of issue
  - Digital product, version, and configuration of software containing the bug
  - Step-by-step instructions to reproduce the issue
  - Proof-of-concept
  - Impact of the issue
  - Suggested mitigation or remediation actions, as appropriate.
What can you expect from us?
- Acknowledgment: Acknowledge receipt of your vulnerability report within 7 business days.
- Investigation: Conduct a thorough investigation and work with you to understand the issue.
- Resolution: Address the vulnerability in a timely manner and provide an estimated timeline for remediation.
Rewards
At this time, we're unable to offer any rewards for vulnerability disclosure. We appreciate your understanding and value your contributions to enhancing the security of our systems.
Safe Harbor
We will not pursue legal action against researchers who identify and report vulnerabilities in accordance with this Responsible Disclosure Policy. Adhering to the rules of engagement outlined on this page is crucial. Your research activities must avoid violating user privacy, disrupting services, or accessing data beyond what is necessary to demonstrate the vulnerability. We also commit to not sharing your personal information without your consent, unless required by law. Thank you for helping us maintain the security of our systems.
Thank you for helping keep StyleSeat and our users safe!