Vulnerability disclosure
Report security issues
Tell us when Delegento, our Slack app, or an integration path behaves in a way that could put customers or workspaces at risk.
Responsible disclosure
Help keep Delegento safe.
We welcome good-faith vulnerability reports for Delegento, including our Slack app and related integrations. If you find something sharp, send it our way and we will handle it carefully.
Triage promise
We review security mail, confirm receipt, and keep reporters posted while fixes move.
Bug bounty
Eligible reports may earn a bounty
High-quality, reproducible reports with real security impact are eligible for bounty review. Scope, impact, and novelty matter.
Contact
One mailbox, real humans
Send reports to security@delegento.com. Please include enough detail for our team to reproduce the issue without touching customer data.
What is in scope
- Delegento web properties and public application surfaces
- Slack app installation, authentication, and permission handling
- Data access controls, tenant boundaries, and privacy-sensitive workflows
- Webhook, integration, and API behavior that could affect customers
What to include
- A clear summary of the finding and affected surface
- Steps to reproduce, screenshots, or a short proof of concept
- Impact, severity, and any data that may have been exposed
- Your preferred contact details for follow-up and credit
Safe harbor
Good-faith testing is welcome.
Stay inside these rules and avoid privacy harm. We will not pursue legal action for accidental, good-faith research that follows this program and is reported promptly.
- Do not access, change, delete, or download customer data.
- Do not disrupt Delegento, Slack, or any third-party service.
- Do not use social engineering, spam, phishing, or physical attacks.
- Give us reasonable time to investigate before public disclosure.
Found something?