At Pylon, we take the security of our platform and our customers' data seriously. We appreciate the work of security researchers and welcome responsible disclosure of potential vulnerabilities.
Think you've found a security vulnerability? Please report it to: vulnerability-disclosure@usepylon.com
2.1 Scope & Safe Harbor
2.2 Out of Scope
2.3 What We Need From You
2.4 Response Expectations
Due to the volume of reports we receive, please note:
We prioritize reports based on severity and impact to our customers.
We cannot respond to all submissions, particularly those that:
- Do not follow our disclosure guidelines
- Contain unvalidated vulnerabilities (except where validation would cause harm)
- Report low-value findings commonly identified by automated scanners (e.g., SPF/DMARC records, TLS cipher suites)
- Rely solely on brute force attacks or social engineering
- Are duplicates of previously reported issues
2.5 Good Faith Guidelines
When conducting security research, please:
- Make every effort to avoid privacy violations and disruption to our services
- Only interact with your own accounts or test accounts for security research
- Do not access, modify, or delete customer dataStop testing and report immediately if you encounter customer data
- Do not perform actions that could harm the reliability or integrity of our services
2.6 Recognition
While we don't currently offer a paid bug bounty program, we deeply appreciate the security community's contributions to keeping Pylon secure. We're happy to acknowledge researchers who report valid security issues (with your permission).