At Leafpress, our priority is to protect our customers' data. We appreciate contributions from our community that aid us in identifying any potential weaknesses in our product and services.

How to report an issue

If you have discovered an issue or vulnerability that is in-scope (see below), please send an email to [email protected] with the following details.

• A summary of the vulnerability and potential impact
• Steps to reproduce the issue, including screenshots
• Details of your environment including OS, browser, and device details
• If possible, proof-of-concept code to exploit the vulnerability

Upon receiving your email, our team will conduct an investigation. We will update you on our progress, and may request further details if needed.

Of course, we will offer a reward efforts that depend on the severity of the vulnerability. A vulnerability with a CVSS score of 4 or higher and have been previously unidentified will be guaranteed financial compensation.

All other original reports will be considered, and the reward may range from being featured in our security page or financial compensation.

In scope

• https://leafpress.io/
• https://app.leafpress.io/

We kindly ask you

• Test the vulnerability on your own account. If testing on another account, make sure to have requested explicit permission
• Do not copy or destroy production data
• Do not engage in activities that will cause downtime for our services
• Avoid violations to our privacy policies, terms of service, and other data privacy regulation
• Do not make the vulnerability public before reporting it to us via the procedures above, and giving us enough time to properly address the issue

Happy hacking!