At Sprout Social™, we take the security of our users’ data very seriously. We encourage those who have discovered potential security vulnerabilities in a Sprout Social™ service to disclose it to us in a responsible manner.
We will work with security researchers to validate and respond to vulnerabilities that are reported to us. We won’t take legal action against or suspend or terminate your account access provided you discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. Sprout Social reserves all of its legal rights in the event of any noncompliance.
You may only test against an account for which you are the account owner or an agent authorized by the account owner to conduct such testing.
Share the details of any suspected vulnerabilities with the Sprout Social™ Security Team by sending an email to firstname.lastname@example.org. Please do not publicly disclose these details without express written consent from Sprout Social™. In reporting any suspected vulnerabilities, please include the following information:
Sprout Social™ does not compensate individuals or organizations for identifying potential or confirmed vulnerabilities. Requests for monetary compensation will be deemed in violation of this Responsible Disclosure Policy.
To all security researchers who follow this Responsible Disclosure Policy, Sprout Social™ promises to:
Sprout Social™ thanks the following individuals and organizations that have participated in our responsible disclosure program.