Responsible Disclosure
Help us keep KudosWall secure for everyone.
Our Commitment
Security is a top priority at KudosWall. We believe that professional security researchers play a crucial role in the ecosystem. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us.
Vulnerability Disclosure Guidelines
- Notify us as soon as possible after you discover a real or potential security issue.
- Provide a detailed description of the vulnerability and the steps required to reproduce it.
- Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.
- Give us a reasonable amount of time to resolve the issue before making any information public.
What is in Scope?
The following domains and services are included in our responsible disclosure program:
- kudoswall.org (Main website and marketing pages)
- app.kudoswall.org (Dashboard and principal platform)
- api.kudoswall.org (Public and internal APIs)
- Official KudosWall testimonial widgets and embed scripts
Note: Third-party integrations or services used by KudosWall but not controlled by us are out of scope.
Reporting a Vulnerability
If you believe you have discovered a security vulnerability, please send a report to:
security@kudoswall.org
We typically respond within 48 hours.
Please include as much information as possible, such as screenshots, proofs of concept, and an impact assessment.
Rewards & Recognition
At this stage, KudosWall does not operate a paid bug bounty program. However, for significant findings that help us secure our platform, we may offer:
- Official recognition in our Hall of Fame (optional)
- KudosWall "Security Hero" swag
- Free lifetime access to our Pro or Business plans
Safe Harbor
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.