Help us build a secure product, so we can help others do it too.

Reporting a security issue

If you discover an issue please send an email to security@perceptive.is outlining:

• A summary of the issue and its potential impact.
• Steps for how to replicated the issue.
• Details of the environment you're using.
• Proof-of-concept code to exploit the vulnerability (if available).

We will investigate as soon as possible, keep you updated on progress, and may reach out to you for further clarification. Once resolved we will update our customers as appropriate.

Being an early-stage start-up we don't currently provide compensation for valid vulnerabilities, but it is something we're very much hoping to do in the future.

In scope

• Our website - https://www.perceptive.is
• Our product - https://app.perceptive.is
• Our integrations with Jira, Linear, GitHub, and others.

Out of scope

• Automated scanning of any kind.
• Social engineering of any kind.
• Denial of service attacks of any kind.
• Attacks requiring physical access to a victim's computer.
• Theoretical attacks without proof of exploitability.
• Man-in-the-middle attacks.
• Clickjacking on pages with no sensitive actions.
• High-privilege users (admins) using a bug to sabotage/deface their own organisation.

We kindly ask

• Please only test vulnerabilities on your own Perceptive account and workspace, or with explicit permission from the account owner.
• Make a good faith effort to avoid privacy violations, copying or destruction of data, and interruption or degradation of our service.
• If you obtain remote access to our systems, do not attempt to expand or elevate access to other servers.
• To prevent further exploitation, please do not make the vulnerability public before reporting it to us, and give us adequate time to address the issue.

Thank you.