Back to Trust Center
Vulnerability Disclosure
We value the security research community and welcome responsible disclosure of potential vulnerabilities.
How to Report
Please report potential security vulnerabilities by email:
support@codefour.us
Subject: Security Vulnerability Report
What to Include
To help us investigate and respond quickly, please include:
- •Description — Clear explanation of the vulnerability
- •Impact — Potential security impact or risk
- •Reproduction Steps — Step-by-step instructions to reproduce the issue
- •Affected URLs/Endpoints — Specific URLs, endpoints, or components affected
- •Supporting Materials — Screenshots, logs, or proof-of-concept code (if applicable)
Safe Harbor
We support good-faith security research. If you conduct security research in accordance with these guidelines, we will:
- •Consider your research authorized and not pursue legal action
- •Work with you to understand and resolve the issue quickly
Research Guidelines
To qualify for safe harbor, please:
- •Do NOT access, modify, or delete data belonging to other users or customers
- •Do NOT perform social engineering attacks against our employees or customers
- •Do NOT conduct denial-of-service attacks
- •Do NOT publicly disclose the vulnerability before we have addressed it
- •Stop testing and report immediately if you encounter Customer Data
Our Response
When you submit a vulnerability report:
- •Acknowledgment: We will acknowledge receipt within 3 business days
- •Assessment: We will assess the report and provide an initial response within 10 business days
- •Updates: We will keep you informed of our progress