Responsible Disclosure
Reporting Guidelines
- Please use beta.klenty.com to perform all security testing (Please note accounts created on this domain would be deleted randomly). Testing conducted via app.klenty.com on the live application is banned.
- Reach out to security@klenty.com, if you have found any potential vulnerability in our products meeting all the below mentioned criteria. You can expect a confirmation from our security team in about 48 hours of submission.
- Please refrain from doing security testing in existing customer accounts.
- When conducting security testing, make sure not to violate our privacy policies, modify/delete unauthenticated user data, disrupt production servers, or to degrade user experience.
- You’re allowed to disclose the discovered vulnerabilities only to security@klenty.com. Documenting any potential In/Out of scope vulnerability to the public is against our responsible disclosure policy.
- We encourage you to encrypt your message with our public key to ensure that it it remains safe in transit.
Qualifying Security Bugs
All bugs that are reported are qualified based on its impact on customer’s production data.
We will consider other security vulnerabilities if it is making an impact and exploitable with a working non-intrusive POC.
In Scope Domains
- app.klenty.com
Bugs Severity
Klenty will define the severity of the issue based on the impact and the ease of exploit.
Response Time
| RESPONSE TYPE | TIME |
|---|---|
| Acknowledgement | Within 48 hours |
| Time taken to resolve | Based on the Severity |