Sparrow Vulnerability Disclosure Policy
At Sparrow, security is a top priority. We are committed to maintaining the trust of our users by protecting their data and ensuring the security of our services. We welcome reports from security researchers and the broader community on potential vulnerabilities so we can address them quickly and responsibly.
How to Report a Vulnerability
What You Can Expect From Us
No Bounty Program (Yet)
Safe Harbor
How to Report a Vulnerability
If you believe you have discovered a security vulnerability in our systems, we encourage you to report it to us responsibly. Please email a detailed report to: security@trysparrow.com. In your report, please include:
- A clear description of the vulnerability.
- Steps to reproduce the issue, including any relevant URLs, payloads, and screenshots.
- The potential impact of the vulnerability.
We request that you:
- Do not exploit the vulnerability or access data that is not yours.
- Do not perform actions that could impact the availability or integrity of our services (e.g., denial of service).
- Give us a reasonable amount of time to address the issue before any public disclosure.
What You Can Expect From Us
- We will acknowledge receipt of your report promptly, typically within 3 business days.
- We will investigate the issue and strive to resolve it as quickly as possible.
- We will keep you informed of our progress throughout the process.
No Bounty Program (Yet)
At this time, we do not offer monetary rewards for vulnerability reports. However, we deeply appreciate the efforts of the security community and may publicly acknowledge contributors who responsibly disclose issues, with their consent.
Safe Harbor
We support good-faith security research and will not pursue legal action against individuals who report vulnerabilities in accordance with this policy. We ask researchers to act in good faith and avoid any activity that could harm our users or systems.