Vulnerability Disclosure Policy

Strac is committed to the security of our products and our customers' data. We welcome responsible disclosure of security vulnerabilities.

Scope: All Strac products and services, including our Slack, browser, endpoint, and SaaS integrations.

‍How to report: Email security@strac.io with:                                                                                                                                             - Description of the vulnerability
- Steps to reproduce
- Impact assessment

Our commitment:  
- Acknowledge receipt within 2 business days                                                                                                                                         - Provide an initial assessment within 5 business days
- No legal action against good-faith security researchers
- Credit in our security acknowledgments (if desired)

Out of scope: Social engineering, DoS attacks, third-party services.