Responsible disclosure

We encourage everyone that practices responsible disclosure to participate in our bug bounty program. To take part, please make sure that you:

abide by our terms of service
avoid the use of automated testing frameworks
only perform testing with your own data
include a proof of concept on how the vulnerability could be exploited
do not disclose any information regarding vulnerabilities until we have a fix in place

Rewards are given at our discretion depending on the criticality of the vulnerability reported.

Report a vulnerability

You can report vulnerabilities by contacting security@sequencehq.com.

We will respond as quickly as possible to all submissions that follow the rules above, and will consider them as part of the bug bounty program.

Bug bounty scope

We’ve defined the scope of the bug bounty to exclude some services which are not critical to business or pose no risk to our customer data, or which we consider not suitable for the program at this time.

In scope

our dashboard and APIs, and other content hosted on the https://eu.sequencehq.com subdomain.

Not in scope

https://www.sequencehq.com
https://docs.sequencehq.com
Phishing or social engineering, or otherwise trying to engage Sequence employees
Denial of service attacks
DNSSEC warnings

Security & compliance

Report a vulnerability

​Bug bounty scope

​In scope

​Not in scope

Bug bounty scope

In scope

Not in scope