Seezo Vulnerability Disclosure Program (VDP)

Seezo Vulnerability Disclosure Program (VDP)

Seezo takes the security of our systems and data very seriously. We are continuously working to maintain and ensure that our environment is safe and secure for everyone. If you have discovered a security vulnerability in our application, we appreciate your help in disclosing it to us in a responsible manner.

Scope

Security research should be limited to the following domain:

How to Report a Vulnerability

Contact: security@seezo.io

Encrypted Communications

You can encrypt your information using our PGP key:

Report Content

When submitting a report, please include:

  1. A detailed description of the issue

  2. Steps to reproduce the vulnerability.

  3. Any relevant evidence (e.g., screenshots, logs).

Note: We currently do not offer monetary compensation nor maintain a Hall of Fame.

Safe Harbor

If you conduct your security research in accordance with this policy, Seezo considers your activities to be authorized conduct under applicable laws, including the Computer Fraud and Abuse Act (CFAA) and similar state laws. We will not initiate or recommend legal action against you for activities conducted in compliance with this policy.

In the event of any law enforcement or civil action brought by a third party against you, and you have complied with this policy, we will take steps to make it known that your actions were conducted pursuant to and in compliance with this policy.

Out of Scope and Ineligible Findings

We generally follow industry-standard exclusions for common false positives and low-impact findings. For a comprehensive list of ineligible findings, please refer to the HackerOne Core Ineligible Findings documentation.

Testing Guidelines

When conducting security research, researchers must:

  1. Test only on in-scope domains listed in this policy

  2. Report vulnerabilities promptly upon discovery

  3. Make a good faith effort to avoid privacy violations, data destruction, and service disruption

  4. Refrain from conducting Denial of Service attacks

  5. Refrain from performing social engineering attacks against Seezo employees or contractors

  6. Refrain from accessing, modifying, or deleting data that does not belong to you

Questions

If you have questions about this policy or need clarification about scope, ineligible findings, or testing authorization, please contact us at security@seezo.io before conducting any testing.

Thank you for helping us keep Seezo secure.

Last updated: October 2025



Elevate AppSec

Stay up to date

Get notified of new blog posts and monthly product feature updates

Elevate AppSec

Stay up to date

Get notified of new blog posts and monthly product feature updates

Elevate AppSec

Stay up to date

Get notified of new blog posts and monthly product feature updates