Skip to content

Vulnerability Disclosure Policy

Hardline welcomes responsible vulnerability reports from security researchers, customers, and partners.

This policy applies to Hardline-owned systems and services, including:

  • hardlineapp.com and Hardline marketing properties
  • app.hardlineapp.com
  • api.hardlineapp.com
  • Hardline mobile applications
  • Hardline-managed subdomains and infrastructure

Email:

security@hardlineapp.com

Please include:

  • A clear description of the issue
  • Steps to reproduce
  • Affected endpoint, app, page, or component
  • Potential impact
  • Your contact information
  • Any suggested remediation

Do not include more customer data than necessary to demonstrate the vulnerability.

PhaseTarget
Acknowledge receiptWithin 48 hours
Initial triageWithin 5 business days
RemediationBased on severity and complexity
Disclosure coordinationAfter fix deployment or by mutual agreement

Hardline will not pursue legal action against good-faith researchers who:

  • Avoid privacy violations and data destruction
  • Do not exfiltrate customer data
  • Do not disrupt or degrade service availability
  • Report the issue promptly
  • Give Hardline reasonable time to investigate and remediate before public disclosure

The following are out of scope:

  • Social engineering
  • Physical attacks
  • Denial-of-service testing
  • Spam or phishing
  • Vulnerabilities in third-party services not controlled by Hardline
  • Reports that require stolen credentials or unauthorized access to private accounts

Hardline does not currently operate a paid bug bounty program. With permission, Hardline may credit researchers who responsibly report valid vulnerabilities.