Responsible Disclosure Policy

Stessa is deeply committed to the security of our services and our users’ information. If you are a security researcher and have discovered a security vulnerability in one of our services, we appreciate your help in disclosing it to us in a responsible manner.

Stessa will engage with security researchers who report vulnerabilities to us in accordance with this Responsible Disclosure Policy.

Prohibited Actions

Stessa prohibits individuals from accessing, downloading or modifying data residing in any account that does not belong to that individual. The following actions are also prohibited:

  • Executing or attempting to execute any denial of service attack;
  • Knowingly posting, transmitting, uploading, linking to, sending, or storing any malicious software on or through Stessa services;
  • Sending or causing the sending of spam messages or other unsolicited messages to users;
    Testing in a manner that would degrade the operation of our services; or
  • Any other testing that violates applicable law or our Terms of Service.

Reporting

Please share the details of any suspected or detected vulnerabilities with the Stessa Security Team by emailing security@stessa.com. For the security of our users and service, we ask that you do not publicly disclose these details without express written consent from Stessa. In reporting any suspected vulnerability, please include the following information:

  • Your name and email address;
  • Vulnerability details with information to allow us to efficiently reproduce your steps

Our Commitment

If we verify a security vulnerability that you report to us in compliance with this Policy, we commit to:

  • Promptly acknowledging the receipt of your report;
  • Keep you informed of the status of your report; and
  • Notifying you when the vulnerability is fixed.

Safe Harbor

Any activities conducted in a manner consistent with our policies will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Thank you for helping keep Stessa and our users safe!