Terms of Service
Privacy Policy
Responsible Disclosure Policy
AmplifyReach is a startup and makes best efforts to protect customer data. understands that protection of customer data is a significant responsibility and requires the highest priority. We genuinely value the assistance of security researchers and any others in the security community to assist in keeping our systems secure. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users.
  • Reach out to bug-report@amplifyreach.com, if you have found any potential vulnerability in our products meeting the criteria mentioned in the policy below.
  • You can expect an acknowledgment from our team in about 72 hours of submission.
  • AmplifyReach will define the severity of the issue based on the impact and the ease of exploitation.
  • We may take 5-10 days to validate the reported issue.
  • Actions will be initiated to fix the vulnerability in accordance with our commitment to security and privacy. We will notify you when the issue is fixed
  • When conducting security testing, should not violate our privacy policies, modify/delete unauthenticated user data, disrupt production servers, or to degrade user experience.
  • Perform research only within the scope set out below;
  • Use the identified communication channel, viz., bug-report@amplifyreach.com to report the vulnerability information to us; Documenting or publishing the vulnerability details in public domain is against our responsible disclosure policy; and
  • Keep information about any vulnerability confidential until the issue is resolved
Reporting Guidelines
Please provide the following details on the report
  • Description and potential impact of the vulnerability;
  • A detailed description of the steps required to reproduce the vulnerability; and,
  • Where available, a video POC.
  • Your preferred name/handle for recognition in our Security Researcher Hall of Fame
Domains in Scope
  • *.amplifyreach.com
Qualifying Bugs
  • Remote code execution (RCE)
  • SQL/XXE Injection and command injection
  • Cross-Site Scripting (XSS)
  • Server side request forgery (SSRF)
  • Misconfiguration issues on servers and application
  • Authentication and Authorization related issues
  • Cross site request forgeries (CSRF)
Non Qualified Bugs
  • Html injection and Self-XSS
  • Host header and banner grabbing issues
  • Automated tool scan reports.Example: Web, SSL/TLS scan,Nmap scan results etc.,
  • Missing HTTP security headers and cookie flags on insensitive cookies
  • Rate limiting, brute force attack
  • Login/logout CSRF
  • Session timeout
  • Unrestricted file upload
  • Open redirections
  • Formula/CSV Injection
  • Vulnerabilities that require physical access to the victim machine.
  • User enumeration such as User email, User ID etc.,
  • Phishing / Spam (including issues related to SPF/DKIM/DMARC)
  • Vulnerabilities found in third party services
  • EXIF data not stripped on images
Hall of Fame
While AmplifyReach does not provide any reward for responsibly disclosing unique vulnerabilities and working with us to remediate them, we would like to publicly convey our deepest gratitude to the security researchers. We will add your name to our Hall of Fame. Your legendary efforts are truly appreciated by AmplifyReach. We would like to recognise the efforts of the following individuals for their contribution to our responsible disclosure program. Please accept our sincerest gratitude to every one of you.
  • Names
COMPANY
INDUSTRIES
CRM INTEGRATIONS
Copyright 2017-2025 © AmplifyReach Solutions Private Limited. All right Reserved. Contact Us Get it on Google Play
Terms of Service | Privacy Policy
Disclaimer: All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.