Responsible disclosure

At Showpad, privacy and security are our top priorities. We work to keep our service and related assets safe and secure. However, if you identify a vulnerability, we’d love to hear from you right away..

Do's

Contact us at vulnerability@showpad.com (either in English or Dutch). We may then direct you to our bug bounty program where you can submit your report detailing what you found, how we can replicate your findings (including the URL, IP, screenshots, etc. ), and, if possible, how we can mitigate the vulnerability
Report in a manner that safeguards the confidentiality of the findings so that others do not gain access to the information

Don'ts

Take advantage of the vulnerability or problem you have discovered (examples: downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people’s data)
Perform a physical attack or use social engineering, distributed denial of service, spam, or third-party applications
Repeatedly gain access to the system or share access with others
Make changes to the system
Perform actions that may lead to damages for Showpad or any of its users/customers or website visitors
Reveal any of this information without the consent of the Showpad Security Office

Our Promise

We will do our best to acknowledge receipt of your report within three business days
We will not undertake any legal action if you accept and apply all the rules above
We will treat your contribution with the necessary respect and will not reveal your personal data with any third parties without your consent unless we are legally required to do so. Findings can be shared using an alias
We will keep you updated on the progress of the fix

Interested in joining our Intigriti program?

If you are interested in joining our Intigriti program and collecting bounties for your findings, please contact the Showpad security team at vulnerability@showpad.com.