1. Introduction At Sliide, we consider the security of our systems, data, and users to be a top priority. We value the contributions of the security research community and welcome reports of potential vulnerabilities. This policy outlines the steps for reporting vulnerabilities to us, what we expect from researchers, and what you can expect from us. 2. Safe Harbor (Authorization) If you make a good faith effort to comply with this policy during your security research, Sliide will consider your research to be authorized. We will work with you to understand and resolve the issue quickly, and we will not recommend or pursue legal action related to your research. 3. Guidelines To remain within the scope of this policy, we ask that you: - Do not cause harm to users or destroy data. - Do not access, download, or modify user data (if a vulnerability provides access to data, stop immediately and report it). - Do not perform social engineering (phishing) or physical security attacks against our employees or offices. - Do not perform Denial of Service (DoS/DDoS) attacks. - Do give us reasonable time to fix the issue before making any information public. 4. Scope The following systems and services are in scope for this policy: - *.sliide.com - Sliide Mobile Application (iOS/Android) and their endpoints The following are out of scope: - Third-party services/vendors - Spam or social engineering techniques. 5. How to Report a Vulnerability Please submit your report via email to security@sliide.com. In your report, please include: - Description: The type of vulnerability and location (URL/Endpoint). - Proof of Concept: Steps to reproduce the issue (screenshots or video are helpful). - Impact: A brief description of the potential risk. 6. Our Commitment When you choose to share your findings with us, we commit to the following: - We will acknowledge receipt of your report within 5 business days. - We will confirm the existence of the vulnerability to you and provide a timeline for remediation. - We will notify you when the vulnerability has been fixed.