At Routely, the security and integrity of our platform and user data are top priorities. We are committed to maintaining a secure environment and welcome the support of security researchers and the wider community in identifying potential vulnerabilities.
This Vulnerability Disclosure Policy (“Policy”) outlines how to responsibly report security issues to us and what you can expect in return.
If you believe you’ve discovered a vulnerability related to Routely’s website, platform, or systems, we ask that you notify us promptly and privately via email at support@routely.co.
Please include the following in your report:
A clear description of the vulnerability
Step-by-step instructions or proof-of-concept to reproduce the issue
Any potential impact if the vulnerability were exploited
Optional: screenshots or logs that support your findings
We welcome reports on vulnerabilities that could impact the confidentiality, integrity, or availability of our services. Examples include but are not limited to:
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
SQL Injection
Remote Code Execution (RCE)
Authentication or Authorization flaws
Issues not in scope include:
Spam or abuse reports
Social engineering or phishing attempts
Denial-of-service attacks (DoS/DDoS)
Theoretical vulnerabilities without evidence or reproducibility
We ask researchers to follow these principles:
Do not attempt to exploit the vulnerability. Your role is to report, not to demonstrate damage.
Do not use automated scanning tools that could affect system availability or performance.
Do not access, modify, or delete any data that does not belong to you.
Do not test against production systems in a way that risks stability or service disruption.
Do not disclose the vulnerability publicly. We require a reasonable time to investigate and resolve it.
Routely commits to:
Acknowledge your report
Possibly keep you updated on progress
Possibly notify you upon resolution (or explain if it is not considered a vulnerability)
Routely will not pursue legal action against individuals who:
Act in good faith
Follow this Policy in full
Avoid any activity that could harm our systems or users
However, any action outside this policy or that violates laws, causes disruption, or attempts unauthorized access to data may result in legal response.
While we do not offer financial rewards for vulnerability disclosures, we sincerely appreciate your efforts. If appropriate, we may publicly acknowledge your contribution or thank you directly for your responsible disclosure, subject to your consent.
This Policy does not create any contractual relationship or promise of compensation.
Routely reserves the right to modify or withdraw this Policy at any time without notice.
By submitting a report, you agree to the terms outlined in this Policy.
Thank you for helping us keep Routely secure.
If you have questions about this Policy, contact us at support@routely.co.