Security
The full regulation on how we process your data is outlined in our terms and conditions and in our privacy policy. Please refer to those in case of doubt. The following page is intended as a quick reference on the essential principles that govern our data policies.
Useful Resources
Vulnerability Disclosure
Policy
Your privacy and data security are crucial to us at Akiflow, and we constantly work to identify weaknesses in our technology.
The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our systems, our customers and their data.
If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Disclosure Policy
Let us know as soon as possible upon discovering a potential security issue, and we'll make every effort to resolve the problem quickly.
Please provide us with a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.
While researching, we'd like to ask you to refrain from:
Denial of service
Spamming
Social engineering (including phishing) staff or contractors
Any physical attempts against Akiflow property or data centres
Bounty program
Currently, Akiflow does not officially guarantee a bounty for bugs found, but if you believe you've found a security issue with Akiflow, please tell us so we can address it. Your efforts may be eligible for a monetary reward.
You may be eligible for a monetary reward if you are the first person submitting a bug and you comply with all the rules listed in this document.
Out-of-scope vulnerabilities
Anything outside akiflow.com, app.akiflow.com, api.akiflow.com and the desktop client.
Dynamic XSS, unless chained with other exploits.
Open redirect issues, unless chained with other exploits.
Network-level Denial of Service (DoS/DDoS) attacks
Spam-related issues
Issues affecting third parties (Chargebee, Intercom, Postmark, etc.)
UI and UX bugs (e.g., copy errors, spelling mistakes)
Other non-security related bugs
Findings from physical testing (e.g., at offices, following employees, etc.)
Feel free to reach out to report the problems mentioned above, but we will most likely not offer a monetary reward for them.
How you should behave while looking for bugs
Delete any test data or accounts you have created as part of the research, if possible.
Don't attack or interact with end-users.
Don't engage with stolen user data, including credentials.
Don't use social engineering attacks, such as phishing.
Reporting
If you believe you have found a security vulnerability, please report it by emailing support@akiflow.com.
Please include a detailed description of the vulnerability and its potential impact, along with the steps required to reproduce it, highlighting the security impact (PoC scripts, screenshots and videos are all helpful).
Your submission should include instructions for reproducing the vulnerability (written or video). Reports without clear reproduction steps may be ineligible for a reward.