Responsible Disclosure / Vulnerability Reporting
Effective Date: January 1, 2025
Last Updated: August 27, 2025
We value the security research community and welcome reports of potential vulnerabilities. If you believe you have found a security issue in any Data Sleek system or service, please let us know so we can address it promptly.
Reporting Guidelines
Please include:
– A description of the vulnerability and affected components or URLs
– Steps to reproduce (proof of concept is helpful)
– Expected vs. actual results
– Any relevant screenshots, logs, or payloads
– Your contact information
Send reports to: security@data-sleek.com or use our Contact Form (select Security).
Safe Harbor
We will not pursue legal action against researchers who:
– Engage in good faith testing and report vulnerabilities promptly
– Avoid accessing or destroying data, or compromising privacy
– Avoid service disruption or degradation
– Do not exfiltrate data
– Comply with relevant laws and do not exploit issues beyond necessary proof of concept
Testing must exclude: social engineering, physical attacks, DDoS, spam, malware, and use of automated scanners that may impact availability.
Our Commitment
– We will acknowledge receipt of your report within 5 business days
– We will provide periodic updates and a target remediation timeframe
– We may publicly acknowledge your contribution (with your permission)
Out of Scope
– Issues in third-party platforms outside our control
– Findings without security impact (e.g., missing security headers without exploitability)
– Best-practice recommendations without demonstrable risk
Legal
By submitting a report, you agree that your testing complies with applicable law. This page does not grant permission to access or test systems beyond publicly accessible areas. Bounties are not currently offered, but we may provide acknowledgements.