CoLoop Responsible Disclosure Policy
Effective Date: 1st March 2025
At CoLoop, we value the contributions of the security research community to help maintain the security and integrity of our systems, applications, and data. This policy outlines how security researchers can responsibly disclose vulnerabilities to us and what they can expect in return.
Scope
This policy applies to:
Any vulnerabilities in systems, applications, or services directly operated by CoLoop.
Subdomains, APIs, or infrastructure managed by CoLoop.
It does not cover vulnerabilities in third-party systems, services, or software used by CoLoop but not under our direct control. Researchers should report such findings to the respective vendors.
Guidelines for Responsible Disclosure
To ensure your findings are handled responsibly and without legal repercussions, we ask that researchers:
Act in Good Faith:
Avoid violating the privacy of users, accessing non-public data, or disrupting services.
Use only the minimum required testing methods to demonstrate the vulnerability.
Scope of Testing:
Test only systems explicitly covered under this policy.
Do not perform social engineering, phishing, physical security testing, or denial-of-service attacks.
Refrain from conducting tests that could break or stop our systems. If you suspect a vulnerability that might lead to our systems breaking, please reach out and we will work with you to test it in a non-production environment.
Report Findings Promptly:
Include a detailed description of the vulnerability, including the affected system, potential impact, and steps to reproduce.
Provide proof of concept where applicable.
Avoid Disclosure Until Resolved:
Do not publicly disclose the vulnerability until we have resolved it and granted permission.
Reporting Process
Submit Your Report: Email your findings to security@coloop.ai with the subject line: "Responsible Disclosure: [Vulnerability Name]".
Include Necessary Details:
Your name and contact information.
Description of the vulnerability and its impact.
Steps to reproduce the vulnerability or proof of concept.
Any additional supporting materials (e.g., screenshots, logs).
Acknowledgment of Receipt:
We will acknowledge your report within 72 hours of submission.
Evaluation Timeline:
We aim to validate and respond with our assessment and next steps within 15 business days.
Our Commitment to Researchers
If you follow the guidelines of this policy, we commit to:
No Legal Action: We will not initiate legal action against researchers acting in good faith and in compliance with this policy.
Recognition: With your consent, we will send you a gift of appreciation and/or acknowledge your contribution on our Hall of Fame or similar platform.
Transparency: We will provide regular updates on the status of the vulnerability you reported.
Hall of Fame
Researchers who responsibly disclose vulnerabilities and help improve our security will, with their consent, be listed on our Security Hall of Fame page as a token of appreciation.
Exclusions
The following activities are explicitly excluded from this policy:
Exploitation of vulnerabilities for personal gain.
Repeated testing or exploitation after reporting.
Disclosure of vulnerabilities to third parties without our prior consent.
Questions
If you have any questions about this policy, contact us at security@coloop.ai.
Thank you for helping us maintain the security and integrity of CoLoop's systems and services.