Security
Report a security issue.
Send security reports for Spot Suite and enabled apps to hello@spot-suite.com. We do not run a public bug bounty program unless it is agreed in writing.
Last updated: May 19, 2026.
What to include
Clear reports help us confirm the issue and route it to the right product owner.
- The affected domain, route, product, account type, and Environment context.
- Steps to reproduce with screenshots, request IDs, timestamps, or logs where useful.
- The likely impact, including which Environment, user, token, or record could be affected.
- A safe contact method for follow-up.
Testing boundaries
- Do not access, change, delete, or export data that is not yours.
- Do not run denial-of-service, spam, social engineering, or physical attacks.
- Do not test against customer Environments without written permission from that customer.
- Stop testing and contact us if you reach another Environment boundary or sensitive data.