RESPONSIBLE DISCLOSURE POLICY
Last updated: 2025-10-24
Data security is a top priority for Shuttlerock, and we believe that working with and rewarding skilled security researchers is an important process for improving and protecting Shuttlerock's services and technology.
If you believe you've found a security vulnerability in Shuttlerock’s platform please notify us and we will work with you towards an amicable outcome for all parties.
Responsible Disclosure
-
If you believe you’ve discovered a potential vulnerability, please let us know by emailing security@shuttlerock.com.
-
We aim to acknowledge each request within 48 hours, however it may take longer. Please only use the stated email above to ensure your report goes to the correct personnel.
-
We aim to resolve critical issues within 2 months of disclosure. Please provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party.
-
Make a good faith effort to avoid violating privacy, destroying data, or interrupting and degrading the Shuttlerock platform. Please only interact with accounts you own or for which you have explicit permission from the account holder.
Exclusions
While researching and following the discovery of an issue, you must refrain from:
-
Spamming communication channels for updates or payments
-
Contacting non-security Shuttlerock employees regarding the reported issue
- Exploiting vulnerabilities beyond proving their existence
-
Any attempts to contact, access, or exploit out-of-scope services or integrated third-party platforms
-
Any methods of interrupting Shuttlerock services
Version Control
We may revise these guidelines from time to time.
The most current and complete version of the guidelines will be available here.
Contact
Shuttlerock is always open to feedback, questions, and suggestions.
If you would like additional information or clarification of this policy or process please email us at security@shuttlerock.com