x

Sign Up

Free trial. No credit card required.

Email already taken. Please sign in or try another email.
I agree to the terms of service and privacy policy.
Please agree to the terms of service and privacy policy to continue.
Close icon for modal
Book a Demo

See Heymarket in Action

Learn how Heymarket can help your business create personalized conversations at scale.

Book a Demo
Privacy

Vulnerability Disclosure Program (VDP)

Introduction

At Heymarket, we are committed to ensuring the security and privacy of our systems, products, and services. To help achieve this, we welcome contributions from the security community and other individuals who responsibly identify and report potential vulnerabilities. Our Vulnerability Disclosure Program (VDP) provides a safe, structured way for researchers to disclose security issues. If you have identified a vulnerability, please follow the guidelines below to report it.

Commitment to Researchers

As part of this program, Heymarket is committed to the following:

  • Confidentiality and professionalism in all dealings with researchers.
  • Prompt communication with researchers.
  • Careful review and fair treatment of all accepted submissions.
  • Remediation as required to protect the safety and security of Heymarket and its customers

Expectations of Researchers

As part of this program, Heymarket expects the following of researchers:

  • Confidentiality and professionalism in all dealings with Heymarket.
  • Adherence to the terms and conditions associated with this program.
  • Responsible and private disclosure of vulnerabilities to Heymarket.
  • Compliance with applicable laws and regulations.

Scope

The following systems/services are within scope:

  • Heymarket Corporate Website (https://www.heymarket.com/)
  • Heymarket Application (https://app.heymarket.com/, https://api.heymarket.com/)
  • Heymarket Mobile Apps (iOS, Android)
  • Heymarket Google Chrome Widget

Prohibited Activities

The following activities are strictly prohibited:

  • Any activities that adversely affect the performance or delivery of Heymarket services and operations, including denial of service attacks.
  • Any activities that adversely affect Heymarket’s customers or suppliers.
  • Any activities that involve the disclosure or display to any third-parties or to the public of the finding, including any proof of concept, unless expressly authorized in writing by Heymarket.
  • Any activities that involve social engineering techniques, including impersonation or use of existing credentials, in any capacity.
  • Any activities that involve coercion, harassment, threats, or intimidation.
  • Any activities that involve physically accessing assets belonging to Heymarket or Heymarket’s customers, or associated with the delivery of Heymarket services or operations.
  • Any activities that violate the Heymarket’s Privacy Terms, or the general privacy of Heymarket or Heymarket’s customers. In this regard, Heymarket expects that researchers will avoid unauthorized access to another person’s data. If you encounter personally-identifiable information, customer data or other sensitive data, please contact us immediately, do not proceed with access, and do not retain any copies of such information.
  • Any activities that violate applicable laws and regulations.

Reward Policy

Heymarket appreciates the contributions of researchers towards improving the security of our platform. At Heymarket’s discretion, and subject to applicable laws (including those that may prohibit a reward entirely), a reward may be provided for significant findings, though Heymarket does not guarantee a reward for all submissions. If you are a minor, are included in any sanctions list, or live in a country that is on a sanctions list, we cannot provide a reward. Accordingly, a reward may be denied for failure to provide information to Heymarket in the course of its compliance process, which includes validating the identity and location of any recipient of a potential reward.

Submission Process

Please submit findings via email to security@heymarket.com ensuring all of the below submission requirements have been satisfied.

Submission Requirements

In order for a submission to be accepted, the following conditions must be met:

  • The finding must not have been previously identified.
  • Researchers must not have performed any of the above mentioned prohibited activities.
  • The finding must not involve any of the above mentioned prohibited activities.
  • The finding must be associated with a target listed within the above mentioned scope.
  • The finding must not be disclosed without Heymarket’s express written permission.
  • Submissions must clearly identify the impact to the integrity, availability, and/or confidentiality of the target system/service.
  • Submissions must include a proof of concept of the finding (e.g., screen recording), however, this is subject to the limitations above related to personally-identifiable information.
  • Submissions must include sufficient information for the Heymarket team to triage, reproduce, and assess the finding.
  • [addition]

Additional Terms

Heymarket reserves the right to modify or terminate this program at any time without notice, and without any retroactive changes.

 

Version 1.1 – Dec 2024