PropertySimple Vulnerability Disclosure Program

PropertySimple welcomes vulnerability reports from researchers. We believe that security and privacy are important and we’re happy to get help from outsiders.

If you think you've found a vulnerability in our application, or a problem that puts our users, their emails or their data at risk, please email our security team at security-reports@propertysimple.com.

We welcome all reports.

Rules of engagement:

  • Do not attempt to target our customers, partners, or personnel, including social engineering attacks, phishing attacks, spam, or denial of service issues.
  • Please use your own account and do not attempt to take over or impersonate another's account.
  • Do not interfere with or impair the proper functioning of any PropertySimple product, service, or website.

How to submit a report

In order to help us prioritize submissions, we ask that your reports:

  1. Describe the location the vulnerability was discovered and the potential impact of exploitation.
  2. Offer a detailed description of the steps needed to reproduce the vulnerability (proof of concept scripts or screenshots are helpful).
  3. Be in English.

What you can expect from us

When you choose to share your contact information with us, we commit to coordinating with you as openly and as quickly as possible. Within one week, we will acknowledge that your report has been received.

To the best of our ability, we will confirm the existence of the vulnerability to you and be as transparent as possible about what steps we are taking during the remediation process, including on issues or challenges that may delay resolution.

We will maintain an open dialogue to discuss issues. Any reports are voluntary and not entitled to compensation.