Action1 Security Vulnerability Disclosure Policy
Cybersecurity is a top priority for Action1, and cooperation with skilled cybersecurity professionals can spot weak aspects of any technology. If you discover a security vulnerability in Action1, please inform our team so we can work with you to resolve the issue as quickly as possible before it affects you or any of our users.
Disclosure Policy
- If you’ve discovered a potential security flaw, please use the form below to submit the details.
- We need a reasonable amount of time to research the issue. We aim to resolve all the critical problems within five days of disclosure.
- Make your best effort to avoid breaking any privacy guidelines, causing data destruction, or degrading the Action1 service. Do not access any accounts and/or data that you do not own or have the account owner’s permission.
Exceptions
Action1 strives to provide a secure environment for all of its users who do not violate any applicable laws. Any users who perform harmful activities will be deactivated immediately upon discovery.
If you are a security researcher trying to find vulnerabilities, please do not utilize the following tactics:
- Denial-of-Service (DoS)
- Physical attacks against Action1’s facilities
- Spamming
- Phishing or social engineering of Action1 employees, contractors, or other users.
This policy applies to the Action1 service hosted at app.action1.com and all other services utilized by Action1. Our marketing website (www.action1.com) contains no sensitive data, and we do not accept reports affecting only the marketing features.
Thank you for helping to keep Action1 and our users safe!
Contact
Please use the form below to contact Action1. If you would like to suggest a security-related feature, you can also use our public roadmap to submit it.
Action1 Public Key
To obtain the Action1 encryption key for secure submission and other pertinent information, look into our standardized security.txt file (located at https://www.action1.com/.well-known/security.txt)