By embracing Cindicator's values and being active in engaging with our customers, our staff and our product, we enhance the security posture of our company, products, and client-facing services.
Our rigorous security policies and procedures are woven into how we operate as an organization with integrity and ethics. Cindicator does not sell or rent users’ personal or sensitive data to advertisers or to other third parties that might enable advertisement delivery.
They are focused on ensuring security across the company - in our product and infrastructure, as well as in all operations.
Cindicator adheres to the principle of least privilege in access management processes and implements zero trust principles in products and systems.
Company executives are directly involved in overseeing the security strategy.
We continually work to identify and fix security vulnerabilities in our product and infrastructure.
We deeply appreciate any effort to discover and coordinate the disclosure of security vulnerabilities. Unfortunately, at the moment we do not have an open bug bounty program, but we've previously had a positive experience of working with researchers.
Cindicator takes all vulnerability reports very seriously and aims to rapidly respond and verify the vulnerability before taking the necessary steps to address it. After an initial reply to your disclosure (which should be directly after we receive it), we will update you periodically with our response and remediation status.
If you find a security issue in our products or services or have security concerns regarding Cindicator software or systems, please email [email protected]
To support a timely and effective response to your report, please include any of the following:
You can hunt on our domains:
What we don't accept:
When submitting, please use encryption with our PGP Public Key: https://cindicator.com/.well-known/publickey.txt
After receiving the report, our team will contact you in a maximum of 7 days.
When calculating the reward, we take into account the data of third-party bug bounty programs on similar findings and the impact of the found vulnerability on us.