Vulnerability Disclosure Program
CallRail is committed to ensuring the security and privacy of our services and customer information. As part of this commitment, we encourage security researchers to contact us to report any potential weaknesses identified in any of our products, systems, and/or assets. This program isn’t intended to represent a public bug bounty program and we make no offers of reward or compensation for submitting potential issues.
Guidelines
Potential vulnerabilities or weaknesses can be disclosed in accordance with the following guidelines:
- Submit a clear, concise description of the issues, including proof-of-concept (POC) URL and details of the system(s) where testing was performed
- Submit a clear and concise description of the steps needed to reproduce the issue
- Submit issues through the form instead of making them public (e.g., on message boards, mailing lists, or other forums)
- Wait to receive notification of resolution prior to disclosing any issues to third parties
- As part of your research don't
- engage in any activity that may cause an outage, stop services, and/or cause disruption to CallRail's services
- cause harm to CallRail, its customers, shareholders, partners, or employees
- engage in unlawful activities (domestic and international)
- engage in activities that violate regulations (domestic and international)
- store, share, compromise or destroy any CallRail or CallRail customer data. If you encounter any protected information (PCI, PHI, PII, etc.) you are required to stop your testing and immediately contact us, legal@callrail.com
- any fraudulent activity or complete fraudulent financial transactions as part of your testing/research
Copyright © 2011-2025 CallRail, Inc. All rights reserved.
