🔐 Vulnerability Disclosure Policy
Last updated: May 2, 2025
We take security seriously and value the contributions of independent researchers.
If you believe you’ve discovered a vulnerability in our systems, we want to hear from you.
📬 How to Report
Please email us at: support@sproutvideo.com
Include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Supporting evidence (e.g., screenshots, logs, proof-of-concept code)
✅ What to Expect
- Acknowledgment of your report within 5 business days
- Status updates after triage
- Timely resolution of validated issues
- Optional public credit if you choose
🚫 Absolutely No Unauthorized Testing
Unsolicited testing, scanning, probing, or any other form of active assessment
against our systems is NOT authorized.
Do not:
- Attempt denial-of-service (DoS or DDoS) attacks
- Use automated scanning tools or brute-force attacks
- Engage in social engineering or phishing
- Access data, accounts, or systems not explicitly yours
If you are unsure whether your activity is authorized, please ask first.
Violations of this policy may be treated as unauthorized access.
💰 No Bug Bounty Program
We do not offer monetary rewards for disclosures.
Please do not expect payment for reporting vulnerabilities.
⚖️ Legal Safe Harbor
If you follow this policy and act in good faith, we will not pursue legal action
related to your report. We consider activities consistent with this policy to be
authorized access under applicable law.
Thanks again for helping us build a safer internet! ❤️