Action1 Security Vulnerability Disclosure Policy
Cybersecurity is a top priority for Action1, and cooperation with skilled cybersecurity professionals can spot weak aspects of any technology. If you discover a security vulnerability in Action1, please inform our team so we can work with you to resolve the issue as quickly as possible before it affects you or any of our users.
- If you’ve discovered a potential security flaw, please use the contact form to submit the details.
- We need a reasonable amount of time to research the issue. We aim to resolve all the critical problems within five days of disclosure.
- Make your best effort to avoid breaking any privacy guidelines, causing data destruction, or degrading the Action1 service. Do not access any accounts and/or data that you do not own or have the account owner’s permission.
Action1 strives to provide a secure environment for all of its users who do not violate any applicable laws. Any users who perform harmful activities will be deactivated immediately upon discovery.
If you are a security researcher trying to find vulnerabilities, please do not utilize the following tactics:
- Denial-of-Service (DoS)
- Physical attacks against Action1’s facilities
- Phishing or social engineering of Action1 employees, contractors, or other users.
This policy applies to the Action1 service hosted at app.action1.com and all other services utilized by Action1. Our marketing website (www.action1.com) contains no sensitive data, and we do not accept reports affecting only the marketing features.
Thank you for helping to keep Action1 and our users safe!
Please use this contact form to contact Action1. If you would like to suggest a security-related feature, you can also use our public roadmap to submit it.