Vulnerability Disclosure Policy

Effective as of January 23, 2025.

‍

Introduction

At Point, the security of our systems and the protection of customer data are top priorities. We welcome reports of potential vulnerabilities from security researchers, customers, and other stakeholders to help us improve the safety of our services.

‍

Scope

This policy applies to vulnerabilities affecting systems, applications, and services owned or managed by Point.

‍

How to Report a Vulnerability

If you discover a potential vulnerability, please email us at security@point.com.  Your report should include:

• A detailed description of the issue.
• The affected system, application, or service.
• Steps to reproduce the vulnerability.

What to Expect

• We will acknowledge receipt of your report within five (5) business days.
• Our security team will review and prioritize the report based on its severity.
• If applicable, we may reach out for additional information during the investigation.

Rules of Engagement

To ensure your research is safe and within scope:

• Do not test systems in a way that could disrupt our services.
• Avoid accessing, altering, or deleting any data that is not your own.
• Adhere to all applicable laws and regulations.

Recognition

While we do not offer monetary rewards, we are happy to publicly acknowledge verified and actionable reports if requested.

‍

Legal Safe Harbor

If you follow the guidelines outlined in this policy, we commit to not pursuing legal action against you for your report.

‍

Contact

For any questions about this policy or the Vulnerability Disclosure Program, please contact us at security@point.com.

‍

Thank you for helping us protect our customers and maintain a secure environment. Your efforts are greatly appreciated!