Cortado Pro LogoCORTADO PRO

Security Disclosure

We take security seriously at Cortado Pro. If you believe you've found a security vulnerability, we encourage you to notify us responsibly. We appreciate the efforts of security researchers and will work with you to resolve any issues promptly.

1. How to Report

Please follow these steps when reporting security issues:

  1. Email your findings to security@cortado.pro
  2. Provide detailed information about the vulnerability
  3. Include steps to reproduce the issue
  4. If possible, include proof of concept code

2. Scope

This policy applies to all Cortado Pro products and services. The following are in scope:

  • Web Application: Cortado Pro web application
  • API Services: API endpoints and integrations
  • Mobile Apps: Mobile applications
  • Client Software: Client-side applications

3. Rewards and Recognition

We believe in recognizing security researchers who help us maintain the security of our platform. Our rewards program includes:

  • Hall of Fame: Public acknowledgment on our security hall of fame (with your permission)
  • Bug Bounties: Rewards based on severity and impact
  • Early Access: Priority access to new features and beta programs

Note: Reward amounts are determined based on the severity and impact of the vulnerability. Critical vulnerabilities may be eligible for rewards up to $10,000.

4. Safe Harbor

We will not take legal action against security researchers who:

  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services
  • Only interact with accounts they own or have explicit permission to access
  • Do not exploit a security issue for purposes other than verification
  • Report any vulnerability to us before disclosing it to any other party

5. Contact Us

For questions about our security program or to report a vulnerability, please contact us at security@cortado.pro.