Responsible Disclosure Policy

SmartRent takes security and privacy very seriously for our users, our products and our staff. If you have discovered a vulnerability, we encourage your help in disclosing this to us in a responsible manner.

SmartRent will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate, respond and fix vulnerabilities in accordance with our commitment to security and privacy, as well as our policies. At SmartRent’s discretion, you may be eligible for monetary compensation for your efforts if you are the first to report a vulnerability and include detailed information to reproduce the vulnerability. We will not take legal action against, suspend, or terminate access to the platform those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. SmartRent reserves all of its legal rights in the event of any noncompliance.

Guidelines

Don’t disclose a bug or vulnerability in the public domain, prior to Responsible Disclosure without consent from SmartRent.

If a vulnerability is discovered, you are not authorized to exploit the vulnerability to compromise any data exposed and you are not authorized to view any data exposed by the vulnerability.

  • Do not perform DDOS / Spam attacks.
  • Do not use scanners or automated tools to find vulnerabilities.
  • Never perform phishing, social engineering, or physical attacks against our users, employees, or infrastructure.

The scope of this policy includes vulnerabilities discovered on any of our mobile apps, the SmartRent platform, or any smarthubs used by our platform. If you have any questions about the scope of this policy, please contact [email protected]

How to Report an Issue

If you believe you have discovered a vulnerability, please contact [email protected] Please do not publicly disclose suspected vulnerabilities without consent from SmartRent.

In reporting vulnerabilities, please send details of:

  • Suspected vulnerability including reproduction steps that we can follow.
  • A private, secure communication channel through which we can contact you such as your email address.

Response

Our security team will investigate any details you provide immediately upon receiving a vulnerability report.

PGP KEY

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFxKO6IBEADWdDeXxgnN6hgFW4MLUQaS8Kzh7v6s2FknCgBClI4J/Dk5OIym
twxJ45UHGzctgcgg/BiDtOpV1whE9ebNEb4gNRPqO9lUf4hS+M9KLV3XDmpGbZUM
YaXshMLsj7WHG4WJzwT773RAN2ekzUMPuPMvygW3H7IojGWj/QE6p7d+WkL5Pg7O
Bvm6SZZfLnczcRnK+12NMJizZ0v7SZP6UX84daVhm/KGKr9p9hJLdESzZm/CdVAi
r3ZdjRY3/0R7XH8yiY3j6ctJ8UUx1uzbM3VRRoZcCdYvpfScQQRR2cPYpGJYY45m
cw90NjYs8mSL6BK4VPtbA06YUtJxcRWHfHt+x7hFqnXdspbdowVMbGSwgbUsj5ec
ERm2nFBJHTBXQgBRBZFU3KT4IDNN1mtveoN814EvrVBWW0T4VZX94oheuR+S96dd
u+hKXV3O1im2Xl4QMlRFCNHiOvdAViV3gPw0OPMANPQQwUtiHJU943Jr4JlP4jCn
lkU1TVp0Lh2VzBcFRt92WVNZkHyN9Euo9I4qcIrkt7zHzuWuAFzUUlROBRZjhEtR
ammmg5IAEY4lG4DgQ8c8y+4jC+E5MKhObkez34vY+evFSfDlD9bdHISozygrawuZ
zVfcRxmGFMsh1F5dlHWm4hdGxw+1LJ77AX+jnV19bb2jgt7vm84pzFnUxQARAQAB
tCdTbWFydFJlbnQgVGVhbSA8c2VjdXJpdHlAc21hcnRyZW50LmNvbT6JAlQEEwEI
AD4WIQSYU52NTh5V9WbwpjHgNy/gf6YiiQUCXEo7ogIbAwUJB4YfgAULCQgHAgYV
CgkICwIEFgIDAQIeAQIXgAAKCRDgNy/gf6YiiX9fD/9/QyErE8+FMjSM2YO0B9pt
bzNVnnwDr/0tnFXkQVNw3hIUtAExQwo8a73fAdrL0HBeTumr/3MQdE6puQHXijnG
IgC9ID76jFAOgBnyqySWf/YeC+i0fHE3Ts93brmicJiYSdZ/ymNBiA4oBjiPkPmJ
vxOaXU6u/PxGkvJ17FRWo80Q4M9SgYfG9rKHOiKB8vSSWwYFGT7ySb2C5884jdXN
CAd2/arONuH0TggBivCewaoLbQDdlgb1fLXFt+/ohZOyC79GojILVbGkclIrZSgw
utFjSQ9roJnoMeh4jFypepGmBOosaUs40sRto3VVwsArqejWxekNll6d9B+sQMUs
sq2xCIHBeOEIIw4y1vkjlAeO9BgHrSVdxZjWdAo6VzfMU/Wu5Vzje7Ios2DnBS9a
2cpDNNOX37QDrqWIfv5OdeVIpxVBgsLCtUKQLLDY9nRR8E13BNPnTxfiCZuMrvSn
/7Z8mrzvx1D/ngrq2t2AlMv6vPRUj+3APCcIcDp2MUt1M8qFoSKokNbjElgO8d6Z
TvK7tWvS2eWoICrs7Er9UGUXC0J2ueDOyYSLS9+KDAoyd2B7TktzB28+1uPgGsQC
YcbK4v/6s881LeM/aPbvti6/KEW/F9rOv3hXIMm4xjtQuH0yq4no0TTb+MvK9BGM
HYnN30yryprgxj0dRvWG+7kCDQRcSjuiARAA1Ht5E28ateszUhF7dokyMZGApbpF
go/MsTGbVSyrm6krczNcbaKdtSApK6Y0L7fIVT5zROt4kvCLvOdfAAdCdKG0M4od
64ug464qRKC35f/O8w/kMMPixkhC+mkuG9OYhmMydBK/epCFuo/L80ErCSLB0XWj
8mTvZcZ5qXGCtWEDgnhIuW7Y6S9+WqCFW8K8I1tp9cLVwKm4tj2k1Uw0nRdV7ftZ
rVqENYJpXjcq3EEWyYszPx/EB4dt0n8Og8QC+0khAaFU5gyv4u2vvPzK3Nd1X9s6
Tpfnh2LlQyIID2dkkdxH1k/CCE5lq9v9TDgl+ZYJkglSbiDxauv4RGqrvCAOmOvA
Hk0n8xTW4YPTNATafF0SMT91PrmXKcRW9ziwLM15Z5DjLvV2YawYaiG6PjypeBs5
GvIUp7XkSP98twz6/evIh5wV2O8NhOpKSRvmgq9KzKKsrITFSuouzD1vIB+gEysD
ZMejHzjvib5eIgCRpaTPHNlDi8nb2Tn7kg1RyMeFvQItQwyMnVF0oAajfWRfLkdA
JYDr3DZQdJfXmaGF7qZjsVFGakTQ6qT0tc/V1M5FTQeIa2O4sP1jll1LFzxbcnYX
U8wvazNjLq3vBx/EzygVyLU9gJ9sFYWkSZiX+yefnovmbAi+vfr52Gs+Ejtk2/be
6llpWOmigQiVQ+sAEQEAAYkCPAQYAQgAJhYhBJhTnY1OHlX1ZvCmMeA3L+B/piKJ
BQJcSjuiAhsMBQkHhh+AAAoJEOA3L+B/piKJYHgQAKGagm5rs2s59pRLKwT/vMoq
9x/nARffgYfQimn2yFtMZ3sZocW4xIxc5jz8ii2h+emJQmAkxyfnUiAJfl/b8Z2G
10yDa6UXDuOyMLLoADLNX8WPARqYwu8vCeaUOwY72g6JgQ4hpW4KrmGmgsqcVjV7
xu6ETJP0NlRj9Mb2TlkGjuFhi2ZmyeMqQY06Ugz9p5vZyOGjMU4rS30fxL4O5ahO
fovIfH1ykSDdp5GbNqh+geg9Q2y+mQShQIzYBE/TN8hOADRsERLi8ULoSchiCMLT
d5EjkDECodcW70w9Eq+3sFcCyhmiB8cawBhwxRYgSXiiEVZj0Qk+RnbBShRoDZxD
X3BMLRDN/zUE2jB4A6ZCi9f1w2i3QV2HZG4raJc7+K3oVvV7Q9msPVs0AeT3AfWx
e/f2PPh+LpcgVv/aeKkKhu1ob1tS/NUgmNYU1LS1n+lWRQQFjLiDbGhrUnP29TSd
RsDdCG2VmEJ6WnqUhaTGe6l0dLcvjiYqEyhAFjIAIKIWutnbx/ShANSbw9evyE9+
7Nha7a7PbIzTMLufgdGBeLSfb35uomEppBlpWxZZHrT7wgWK0rfiDBqhIRBH5zzK
HEntjBLzLMQOIJKY9ESlAci2H4c5nIRic2YjgizDKgDw9riptDpmRb1gXT0FsazE
S1FVY/DbeUY98aODGLnm
=MHxu
-----END PGP PUBLIC KEY BLOCK-----