Scope

This policy applies to:

• hireport.io and all subdomains

• Hireport APIs

Reporting a Vulnerability

If you believe you have found a security vulnerability, please report it to us at:
Email: security@hireport.io
Please include:

• A description of the vulnerability

• Steps to reproduce the issue

• Potential impact of the vulnerability

• Any suggestions for remediation (optional)

Our Commitment

When working with us, you can expect:

• A response within 5 business days acknowledging your report

• Regular updates on the status of your report

• We will not pursue legal action against researchers who follow this policy

Guidelines

We ask that you:

• Do not access, modify, or delete data that does not belong to you

• Do not perform actions that could harm our users or services

• Do not publicly disclose the vulnerability before we have addressed it

• Do not use automated scanning tools that generate excessive traffic

• Do not perform social engineering attacks on our employees

• Do not perform physical security attacks

Out of Scope

The following are not eligible for reporting:

• Denial of service attacks

• Spam or social engineering techniques

• Issues in third-party services or applications

• Vulnerabilities requiring physical access to a user's device

• Issues that require unlikely user interaction

Recognition

We appreciate the efforts of security researchers. With your permission, we will acknowledge your contribution once the vulnerability has been resolved.

Contact

For any questions about this policy, please contact security@hireport.io security@hireport.io