TalkToHumans
Log inGet started

Vulnerability Disclosure Policy

If you believe you have found a security vulnerability in TalkToHumans, please report it to robin@coolsapiens.co.

We welcome good-faith security research that helps us protect our customers, provided you follow this policy and avoid harming our users, systems, or data.

In Scope

This policy applies only to the following public TalkToHumans properties:

  • www.talktohumans.app
  • talktohumans.app
  • app.talktohumans.app

How To Report

Please include enough detail for us to reproduce and validate the issue:

  • A short description of the issue and affected asset.
  • Steps to reproduce, proof of concept, or screenshots.
  • The impact you believe the issue could have.
  • Your contact details so we can follow up.

Rules Of Engagement

  • Act in good faith and stop testing once you confirm a vulnerability.
  • Test only against accounts and data you own or are explicitly authorized to use.
  • Use the minimum level of interaction needed to demonstrate the issue.
  • Give us a reasonable opportunity to investigate and remediate before public disclosure.

Out Of Scope

  • Denial-of-service, load testing, or activity that degrades availability.
  • Social engineering, phishing, or physical attacks.
  • Spam, credential stuffing, brute force, or automated account creation.
  • Accessing, modifying, or exfiltrating data that does not belong to you.
  • Testing against third-party services or integrations that we do not control.

Safe Harbor

If you make a good-faith effort to follow this policy, we will not pursue legal action or suspend your account solely for your security research. This safe harbor applies only to activity that complies with this policy and does not extend to any unlawful, destructive, or privacy-invasive conduct.

What You Can Expect From Us

  • We aim to acknowledge receipt within 3 business days.
  • We may contact you for additional details while we investigate.
  • If the report is valid, we will work in good faith toward remediation.

No Bug Bounty

TalkToHumans does not currently operate a paid bug bounty program. We still appreciate responsible disclosure and the time spent reporting legitimate issues.