Vulnerability Disclosure Policy

We take security seriously and appreciate the security research community's efforts to help us maintain a secure platform.

Our Commitment

We are committed to working with security researchers to:

Scope

✅ In Scope

This policy applies to security vulnerabilities in:

  • Our main application (www.rileygrey.com)
  • Subdomains owned and operated by us
  • Hosted domains and websites operated by us

❌ Out of Scope

The following are explicitly out of scope:

  • Third-party services and websites
  • Physical attacks against our offices or employees
  • Social engineering attacks
  • Denial of service attacks
  • Spam or content issues
  • Issues in third-party applications that integrate with our service

Reporting Guidelines

How to Report

Please report security vulnerabilities to us via email:

Email: help@rileygrey.com

What to Include

Please provide the following information in your report:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Proof of concept (if applicable)
  • Potential impact of the vulnerability
  • Your contact information for follow-up

Safe Harbor

We will not pursue legal action against researchers who:

Response Timeline

We commit to:

Initial Response

Within 2 business days

Progress Updates

Every 5 business days

Resolution

Based on severity and complexity

Recognition

Researchers who follow this policy may be recognized in our Security Hall of Fame. Recognition includes:

Please let us know if you prefer to remain anonymous.

Legal

This policy is subject to change without notice. By participating in our vulnerability disclosure program, you agree to these terms.

Ready to Report?

Help us keep our platform secure by reporting vulnerabilities responsibly.

Email Us: help@rileygrey.com