Report a Security Issue

Security is paramount to us at Strivacity. We work diligently to ensure the organizations and brands depending on Strivacity can do so with the fundamental understanding that their information is secure and private.

We strongly believe in tackling and resolving security issues head on, and we value the crucial role security researchers play in helping us improve our products and services.

Guidelines for responsible disclosure

At Strivacity, we promise to investigate all reports of security issues and work quickly to address verifiable vulnerabilities.

Once we verify and address an uncovered issue, all we ask is you give us the opportunity to provide our customers with a fix before releasing any information publicly.

As we work together toward resolution, we will give you full public acknowledgement in helping improve the security of our offerings.

Ready to tell us about a security issue?

First and foremost, please wait until we have acknowledged and fixed the issue before publicizing - for example, posting it to a public forum, sharing it on social media, and/or presenting it as part of a conference talk. We take the security and privacy of our customers extremely seriously, and their protection is of the utmost importance.

When you’re ready to report a security issue, please email us at security@strivacity.com. If you can, utilize our PGP key, available here: Strivacity PGP public key

Our fingerprint is: CB4C 7C3D 3586 425B F7FB 4B01 500D 02FC AFDA 582F

In your email, please provide the following:

  • A detailed description relaying the steps to reproduce the vulnerability, as well as exactly where in the process the vulnerability is found
  • A classification of the vulnerability using NIST Common Vulnerability Scoring System (CVSS) - while this information is helpful to us, it is not required if you’re unable to provide