Responsible Disclosure Policy
SmartRent takes security and privacy very seriously for our users, our products and our staff. If you have discovered a vulnerability, we encourage your help in disclosing this to us in a responsible manner.
SmartRent will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate, respond and fix vulnerabilities in accordance with our commitment to security and privacy, as well as our policies. At SmartRent’s discretion, you may be eligible for monetary compensation for your efforts if you are the first to report a vulnerability and include detailed information to reproduce the vulnerability. We will not take legal action against, suspend or terminate access to the platform those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. SmartRent reserves all of its legal rights in the event of any noncompliance.
Don’t disclose a bug or vulnerability in the public domain, prior to Responsible Disclosure without consent from SmartRent.
If a vulnerability is discovered, you are not authorized to exploit the vulnerability to compromise any data exposed and you are not authorized to view any data exposed by the vulnerability.
- Do not perform DDOS / spam attacks.
- Do not use scanners or automated tools to find vulnerabilities.
- Never perform phishing, social engineering or physical attacks against our users, employees, or infrastructure.
The scope of this policy includes vulnerabilities discovered on any of our mobile apps, the SmartRent platform, or any smart hubs used by our platform. If you have any questions about the scope of this policy, please contact [email protected].
How to Report an Issue
If you feel you have discovered a vulnerability within the scope of this disclosure policy, please fill out this form.