Security

Report a security issue.

Send security reports for Spot Suite and enabled apps to [email protected]. We do not run a public bug bounty program unless it is agreed in writing.

Last updated: May 19, 2026.

What to include

Clear reports help us confirm the issue and route it to the right product owner.

The affected domain, route, product, account type, and workspace context.
Steps to reproduce with screenshots, request IDs, timestamps, or logs where useful.
The likely impact, including which tenant, user, token, or record could be affected.
A safe contact method for follow-up.

Do not access, change, delete, or export data that is not yours.
Do not run denial-of-service, spam, social engineering, or physical attacks.
Do not test against customer workspaces without written permission from that customer.
Stop testing and contact us if you reach another tenant boundary or sensitive data.