Vulnerability Disclosure Programme - Textalyz
Security is core to Textalyz’s trust. We maintain a responsible vulnerability disclosure program and welcome reports from security researchers and users.
What You Can Report
We encourage reports related to:
- Data exposure or access control issues
- Insecure endpoints or improper auth handling
- Extension permissions misuse or escalation
- Slack app misbehavior or unexpected access
What’s Not in Scope
- Denial of Service (DoS) attacks
- Automated scans with no proof-of-concept
- Rate limit brute force (unless bypassed)
- UI/UX bugs without security impact
How to Report
Send all reports to dev@textalyz.com with the subject: Vulnerability Disclosure. Please include:
- A clear description of the issue
- Steps to reproduce (including code or screenshots if possible)
- Your contact information for follow-up
Our Commitment
- We’ll acknowledge your report within 48 hours
- We’ll investigate and respond with a timeline for a fix
- We’ll credit you (with permission) if a disclosure results in a fix
🚫Important Note
We do not currently offer a formal bug bounty, but we deeply appreciate responsible disclosures.
Responsible Disclosure Guidelines
To ensure a smooth and effective disclosure process, we ask that you:
- Provide sufficient detail to reproduce the issue
- Allow us reasonable time to investigate and respond
- Refrain from publicly disclosing the vulnerability until we’ve had a chance to address it
- Act in good faith and avoid any actions that could harm our users or systems
Contact Information
📧 Email us at: dev@textalyz.com
Subject line: Vulnerability Disclosure
We appreciate your commitment to keeping Textalyz secure for all users.
