Security & Vulnerability Reporting
At Synaply, we take the security of our platform and our users’ data seriously. We welcome responsible disclosure from security researchers and the broader community.
Reporting a Vulnerability
If you believe you have discovered a security vulnerability in Synaply, please report it to us privately before disclosing it publicly.
Email: info@synaply.io
Subject Line: [SECURITY] Brief description of the issue
What to Include in Your Report
To help us investigate quickly and effectively, please include:
- A clear description of the vulnerability
- The affected URL, endpoint, or component
- Step-by-step instructions to reproduce the issue
- Your assessment of potential impact or severity
- Any supporting materials (screenshots, logs, proof-of-concept)
Our Commitment to You
Once we receive your report, we will:
- Acknowledge your report within 48 hours
- Provide a status update within 5 business days
- Keep you informed as we investigate and resolve the issue
- Credit you (if desired) once the issue has been fixed
Responsible Disclosure Policy
We ask that you:
- Allow us reasonable time to investigate and fix the issue before public disclosure
- Do not access, modify, or delete data that does not belong to you
- Do not perform actions that could disrupt service availability (e.g., denial-of-service attacks)
- Do not use automated scanning tools on our production systems without prior approval
- Act in good faith
In return, we commit to acting in good faith as well and will not take legal action against researchers who follow this policy.
Scope
In Scope
The following systems are eligible for vulnerability reports:
- app.synaply.io and all tenant subdomains (*.synaply.io)
- Synaply API endpoints
- Synaply MCP integration (/api/mcp)
- OAuth authorization flows
Out of Scope
The following are not considered valid for this program:
- Social engineering attacks targeting Synaply employees
- Physical security issues
- Vulnerabilities in third-party services (please report directly to those vendors)
- Issues requiring physical access to a user’s device
Contact
For general inquiries:
info@synaply.io
For security-related reports only:
info@synaply.io