Vulnerability Reporting
Guidelines
- If you have found a potential vulnerability in Salesmate that meets all of the criteria below, report it to bughunt@salesmate.io. You can expect an acknowledgment from our security team within 24 hours of submission.
- You can also report bugs using the “Report” form at the bottom of this page.
- Do not perform security testing against existing customer accounts; test only against accounts you created yourself.
- When testing, do not violate our privacy policies, modify or delete data that belongs to other users, disrupt production servers, or degrade the user experience.
- Disclose discovered vulnerabilities only to bughunt@salesmate.io. Publicly documenting any vulnerability, whether in scope or out of scope, is a violation of our responsible disclosure policy.
Exclusions
The following issue types are out of scope and reports about them will be closed as Not Applicable; the activities listed alongside them are prohibited while researching:
- Denial of service
- Spamming
- Unconfirmed reports from automated vulnerability scanners
- Disclosure of server or software version numbers
- Mobile application issues that can only be exploited on a compromised device.
- Open HTML redirects
- Arbitrary file upload to the CDN
- Issues with DNS records such as SPF, DKIM or DMARC
- Insufficient password policy
- HTTP Strict Transport Security (HSTS) configuration issues
- You must not attempt to gain access to, or interact with, any accounts other than those created by you.
- The use of commercial scanners is prohibited (e.g., Nessus).
- Social engineering (including phishing) of Salesmate’s staff or contractors
- Any physical attempts against Salesmate’s property or data centers
Qualifying Security Bugs
Reported bugs are qualified based on their impact on customers’ production data.
Other security vulnerabilities will be considered if they have a demonstrable impact and are exploitable with a working, non-intrusive proof of concept (PoC).
In-Scope Domains
- *.salesmate.io
Bug Severity
Salesmate will assign a severity to each issue based on its impact and ease of exploitation.
Response Time
| Response type | Time |
|---|---|
| Acknowledgment | Within 24 hours |
| Time to resolve | Based on the severity |