Vulnerability Disclosure Policy

Guidelines for reporting security vulnerabilities to ABLE

Last updated 8 months ago

We take the security of our systems seriously and value input from the security community. If you’ve discovered a vulnerability, we appreciate your help in disclosing it to us.

Guidelines

We require that all researchers:

  • Make every effort to avoid privacy violations, degradation of our users’ experience, disruption to production systems, and destruction of data during security testing

  • Perform research only within the scope set out below

  • Use the identified communication channels to disclose vulnerability information to us

  • Keep information about any vulnerabilities you’ve discovered confidential between yourself and us until we’ve had 180 days to resolve the issue

Safe Harbor

If you follow these guidelines when reporting an issue to us, we commit to:

  • Not pursuing or supporting any legal action related to your research

  • Working with you to understand and resolve the issue quickly (including an initial confirmation of your report within 72 hours of submission)

Within scope

The following services are within the scope of this disclosure program:

  • Able app of current version - 10

Outside of scope

Any services hosted by third-party providers are excluded from the scope of this agreement. These providers include, but are not limited to:

  • Google

  • Plain

  • Vercel

  • Amplitude

  • Sentry

  • Posthog

How to report a security vulnerability?

If you believe you’ve found a security vulnerability in one of our products or platforms that falls within the scope of this program, please get in touch with us at team+security@able.ac with a detailed description of the vulnerability and the steps to reproduce it.