1. Guidelines

This disclosure program is limited to security vulnerabilities in web applications owned by Outmind. This program does not provide monetary rewards for bug submissions. All vulnerabilities affecting Outmind app should be reported via email to the Product Security Team via security@outmind.fr.

2. Eligible vulnerabilities

We encourage the coordinated disclosure of the following eligible web application vulnerabilities:
- Cross-site scripting
- Cross-site request forgery in a privileged context
- Server-side code execution
- Authentication or authorization flaws
- Injection
- Vulnerabilities
- Directory Traversal
- Information Disclosure
- Significant Security Misconfiguration

To receive credit, you must be the first reporter of a vulnerability and provide us a reasonable amount of time to remediate before publicly disclosing. When submitting a vulnerability, please provide concise steps to reproduce that are easily understood.

3. Terms and conditions

- Please use your own account for testing or research purposes. Do not attempt to gain access to another user’s account or confidential information.
- Please do not test for spam, social engineering or denial of service issues. Your testing must not violate any law, or disrupt or compromise any data that is not your own.
- Please contact security@outmind.fr to report security incidents such as customer data leakage or breach of infrastructure.