Responsible Disclosure Policy

SmartRent takes security and privacy very seriously for our users, our products and our staff. If you have discovered a vulnerability, we encourage your help in disclosing this to us in a responsible manner.

SmartRent will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate, respond and fix vulnerabilities in accordance with our commitment to security and privacy, as well as our policies. At SmartRent’s discretion, you may be eligible for monetary compensation for your efforts if you are the first to report a vulnerability and include detailed information to reproduce the vulnerability. We will not take legal action against, suspend or terminate access to the platform those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. SmartRent reserves all of its legal rights in the event of any noncompliance.

Guidelines

Don’t disclose a bug or vulnerability in the public domain, prior to Responsible Disclosure without consent from SmartRent.

If a vulnerability is discovered, you are not authorized to exploit the vulnerability to compromise any data exposed and you are not authorized to view any data exposed by the vulnerability.

  • Do not perform DDOS / spam attacks.
  • Do not use scanners or automated tools to find vulnerabilities.
  • Never perform phishing, social engineering or physical attacks against our users, employees, or infrastructure.

The scope of this policy includes vulnerabilities discovered on any of our mobile apps, the SmartRent platform, or any smart hubs used by our platform. If you have any questions about the scope of this policy, please contact [email protected].

How to Report an Issue

If you feel you have discovered a vulnerability within the scope of this disclosure policy, please contact [email protected]. In your email, please provide us with an email address for use in order to invite you to our triage systems. Do not send your submission to this address. Once you have received the invite, only then will your submission be accepted with the following information you will need to provide.

In reporting vulnerabilities, please send details of:

  • Suspected vulnerability including reproduction steps that we can followas well as the date and time identified.
  • Ensure that your submission is within the scope of this disclosure agreement.

Response

All correspondence will be done via our secure triage system and our security team will validate and investigate any details you provide immediately. All communication with you will be done within our triage portal.

PGP Key

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBF+yojEBCAC+YHH2ugcprxFd5bkjxfkg2mhht8jurlzCX+lp6Tq7OSP/ecGk
nKaMlMyuA3q5W1K9TFLD9hcq2sPwMxvpWiK27KqKFh0jkYCw+xI6ryj34k27+1rC
lU8XE171dfXcnk8+O1S5w8l4uIdzPoJO21e4Xum9J0TBE8yPMH90PjgZrfOKSrqn
APbxXFo4zQp62TaPzN1SF2873xk3gwJkHGJE4mLQFTiRZAJ8EPkHeqYJ+s6m7Uov
71yrcKL0pVECoGy8oiW5uzNeVpUx4My6kC821m1CfoElTDHHdZpXosRjId4zwuWh
VIBMyweCZdVJ2zw1AXut4ZiY3NdHPJduRWT3ABEBAAG0KFNtYXJ0UmVudCBBZG1p
biA8c2VjdXJpdHlAc21hcnRyZW50LmNvbT6JAVQEEwEIAD4WIQR/wISDGv0HMvwf
gLoEIwmb9v5IWQUCX7KiMQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIX
gAAKCRAEIwmb9v5IWWP6B/wPmnGSWo1SGPKvnkgHcO5b/Mgsubwx2uJo7xOgNsLJ
FoWG4wZWl9BNqZYJMrOw7XhHwBCsMZNVwyZpVYVyq9LfrewvMCNN1DkuuROfMx6/
YgMfVAIfONAg3Qjg2wn3NQ/Od+f0Ha23i4uZh6EKh9UtyH+ig+JbWtvZJvy+4Hnz
gbzaFGE4Xm1EwPkN178LgrI1nvSKKUboCMf/fGqJW2scEF+LGJKJ9YG9N0wKRdSR
wjqudhY7ukCt248+ShESOBHtYGlKRsjrCKm803d9swB5mxhu9EMscdRfepaX5Riu
q+h+H6+5/O6LsuJuBIKg3UsePDx5YDyKLSyFEyiMxO1RuQENBF+yojEBCAC3H1d8
3nAz5+pZ2eNzEuBJiu4TPMjHYUzJXWoj2oeIrBdHulXWzt9UF4f7YJBrJEpbaIKA
WB12s4AH8T3ajrMZGlOl/a1CojuKBTZReTmurHPezHPV5XVJLKZVAFKiwHzFjP5U
v0GSQlRm1PvgXn2f17uITMS4Jy1YUqR5p80cvWE+zPf+pAQcfbCvMYYZ2OQhwkGT
K+6vnNzOP44uZUAlaM56QumTTYjjthaCx+0TeKKphDiRHNle8sa4zrEqFkpWErpb
y21+NwbrAAKznlKIeP8QOUBK7XHkmXzWicg0ei2K2wIwEd0e/46q7qXp3iohQUNv
4ELQdCy8q9+0zDKpABEBAAGJATwEGAEIACYWIQR/wISDGv0HMvwfgLoEIwmb9v5I
WQUCX7KiMQIbDAUJA8JnAAAKCRAEIwmb9v5IWd6nB/9Oakzk+ANp7ar0yYzmYUwy
i6UcqdxlKyVrFipcuS+Iltp5CyR6oAUyrDsG30QY3JpCCWti4VTxb8kswgM4GZYl
qcZwHxg9AgKorBXJJlozScrsgkAQQQpagGnju18DIT0IMbOZ8jL26C5uie5eeaKA
vqJOFa2F2rLdRBa46r6VKQBTKT/sR3KZiqfCULo06xn9Mf+Jss6pi05Us6/i+gsO
dGOy/VKQaKaUbTHUbqYocp/jRVwFPAFaaKh4MEkyHSiDXfHcDcnInxFWM9NpvZkc
uefm+PZjoOPOAou6cDD/MWK0jBv4q7OMfwdEuDUIMFcvtBHrPTw2w4uP7yb99sRw
=FQwO
-----END PGP PUBLIC KEY BLOCK-----