Swiftype is committed to maintaining the security of our systems. Good security is critical to maintaining the trust of our customers. As such, we strive to continuously improve our security to ensure that we are prepared to meet the challenges posed by an ever-evolving threat landscape.
We value responsible disclosure. When properly notified of a security issue, we are committed to working with security researchers to understand and remediate verified problems. If you believe you have found an issue on our site, we encourage you to report it to us in a private and responsible way. The following guidelines apply to researching and reporting potential security vulnerabilities in our network.
Security evaluations must:
- Be performed only on swiftype.com domain or its subdomains
- Not be performed on any other Swiftype domains, including *.swiftype.net
- Not be performed on any non-Swiftype domain
- Not compromise the availability of Swiftype’s services
- Not compromise the security or privacy of Swiftype’s customers or the data on Swiftype’s network
- Use non-destructive and non-disruptive testing
- Not involve social engineering or evaluation of physical security controls
- Please submit your reports to firstname.lastname@example.org
- Include valid contact information for the reporter
- Include a description of the location and nature of the vulnerability
- Include a short description of the vulnerability’s potential security impact
- Optionally, include detailed steps to reproduce the vulnerability
- Screenshots or videos are always helpful
- Messages can optionally be encrypted to our PGP key
Swiftype response to reports of security evaluations
When reported a security issue, Swiftype will:
- Endeavor to acknowledge initial security evaluation reports within two business days
- Prioritize the reproduction and then confirmation of any reported vulnerability
- For any confirmed vulnerability, promptly identify a reasonable timeline for patching and public disclosure
- Not pursue legal action against any reporter who complies with all of the guidelines for performing and reporting security evaluations, and who also cooperates fully with Swiftype's reasonable requests for assistance in reproducing a vulnerability
Please note that security tests or research which interfere with or disrupt the integrity or performance of the Services violate our acceptable use policy. You must respond immediately to any communications from Swiftype regarding your work to help ensure your activities do not adversely affect other customers or the Swiftype network.