You should not do any public disclosure of a bug without prior approval from the Cleverly’s security team.
Please understand that due to the high number of submissions, it might take some time to triage the submission or to fix the vulnerability reported by you. Therefore, give us a reasonable amount of time to respond to you.
Originality, quality, and content of the report will be considered while triaging the submission, please make sure that the report clearly explains the impact and exploitability of the issue with a detailed proof of concept.
Please make sure that any information like proof of concept videos, scripts etc., should not be uploaded on any 3rd party website and should be directly attached in the email message that you send us.
You are obliged to share any extra information if asked for, refusal to do so will result in invalidation of the submission.
You are not supposed to access any data/internal resources of Cleverly as well the data of our customers without prior approval from the Cleverly security team.
You must be respectful to our existing applications, and in any case you should not run test-cases which might disrupt our services.
Do not use scanners or automated tools to find vulnerabilities since they’re noisy. Doing so will invalidate your submission and you will be completely banned from Cleverly responsible disclosure program.
We also request you not to attempt attacks such as social engineering, phishing etc. These kinds of findings will not be considered as valid ones, and if caught, might result in appropriate legal action.