Try it free Get a demo

Responsible Disclosure Policy

Responsible Disclosure Policy
Last Updated: June 24, 2024

At Rebuy, data security is a top priority. We value the contributions of security researchers and believe that responsible disclosure of vulnerabilities helps us ensure the safety and integrity of our systems. If you believe you have discovered a security issue, we encourage you to report it to us.

Disclosure Policy

If you believe you’ve discovered a potential vulnerability, please notify us by emailing security@rebuyengine.com. We will acknowledge your report within one business day (24 hours).

We ask that you:

  • Provide us with sufficient detail to reproduce and validate the issue.

  • Allow a reasonable time for us to resolve the vulnerability before any public or third-party disclosure. Our goal is to resolve critical issues within ten business days.

  • Make a good-faith effort to avoid violating user privacy, destroying data, or disrupting services. Only interact with accounts or systems you own or have explicit permission to access.

Scope & Exclusions

This policy applies to:

  • Rebuy applications and platforms 

  • Any associated APIs, services, or subdomains hosting production data

Out of scope:

  • www.rebuyengine.com (our static marketing site)

  • Theoretical vulnerabilities without demonstrated impact

  • Findings involving social engineering, spam, or denial-of-service (DoS)

Activities such as spamming, phishing, or attacking Rebuy employees or customers may result in account suspension and legal action.

Compensation

Disclosures are made on a voluntary basis, and Rebuy is under no obligation to offer financial compensation for any submission.

At our sole discretion, we may choose to offer a reward or token of appreciation for reports we determine to be critical, valid, and impactful to the security of our users or systems. Offering compensation is not guaranteed and should not be expected.

Thank You

We appreciate the efforts of security researchers and welcome your help in making our platform safer. Thank you for your contributions to the security of Rebuy and its users.

Contact

Questions, reports, or suggestions? Reach us at:
📧 security@rebuyengine.com