Product

Resources

Pricing

Request a demo

Sign in

Try for free

Product

Resources

Pricing

Request a demo

Try for free

Responsible Disclosure

Responsible Disclosure

Please visit our privacy policy, trust center and privacy center for related details.

Last Updated: March 19th, 2024

How to Report an Issue

If you've discovered a security vulnerability please send an email to security@juicebox.work with the following information:

  • A summary of the vulnerability and its potential impact.

  • Detailed steps to reproduce the issue, including screenshots.

  • Your environment details, such as operating system, browser, and device.

  • If possible, include proof-of-concept code that demonstrates the exploit.

We will investigate the issue. We will keep you informed of our progress and may reach out for further details if necessary.

Rewards

Rewards

We value the efforts of those who contribute to the security of our services by reporting vulnerabilities.

While not all reports will qualify for financial compensation, we offer rewards based on the severity and impact of the vulnerability. Recognizable contributions may, in certain cases, qualify for financial compensation.

Critical vulnerabilities that are severe, have a CVSS score of 4 or higher, and have not been previously identified by our team, are most likely to qualify.

In Scope

In Scope

Out of Scope

  • juicebox.ai

  • chat.juicebox.work

Out of Scope

  • juicebox.ai

  • chat.juicebox.work

  • Automated scanning tools

  • Social engineering attacks

  • Brute force attacks

  • DDoS attacks

  • Clickjacking on pages without sensitive actions

  • Theoretical vulnerabilities without demonstrable exploitability

  • Attacks requiring physical access to a device

  • Denial of service attacks

Out of Scope

We ask you to

  • Automated scanning tools

  • Social engineering attacks

  • Brute force attacks

  • DDoS attacks

  • Clickjacking on pages without sensitive actions

  • Theoretical vulnerabilities without demonstrable exploitability

  • Attacks requiring physical access to a device

  • Denial of service attacks

  • Test vulnerabilities only on your own account. If testing involves another account, ensure you have explicit permission.

  • Avoid copying, modifying, or destroying production data.

  • Refrain from activities that cause downtime or degradation of our services.

  • Adhere to our privacy policies, terms of service, and applicable data privacy regulations.

  • Do not disclose the vulnerability publicly until it has been reported to us and adequately resolved, allowing us reasonable time to address the issue.

We ask you to

  • Test vulnerabilities only on your own account. If testing involves another account, ensure you have explicit permission.

  • Avoid copying, modifying, or destroying production data.

  • Refrain from activities that cause downtime or degradation of our services.

  • Adhere to our privacy policies, terms of service, and applicable data privacy regulations.

  • Do not disclose the vulnerability publicly until it has been reported to us and adequately resolved, allowing us reasonable time to address the issue.

products

Search (PeopleGPT)

Talent insights

Email Outreach

Chrome Extension

Support

Help Center

Book a Demo

Email Support

Email Sales

Responsible Disclosure

Status

Resources

Docs

New Features

Articles

Referral Program

Pricing

Search Library

Video Demo

Legal

Terms and Conditions

Privacy Policy

Do not sell/share my information

Cookie Policy

Cookie Choices

GDPR & CCPA

Company

Careers

Linkedin

Twitter

SECURITY

Trust Center

AI Audit Center

Built in San Francisco.

All rights reserved.

Legal

Terms and Conditions

Privacy Policy

Cookie Policy

Trust Center

Cookie Choices

GDPR & CCPA

Support

Help Center

Privacy Choices

Email Support

Request a Demo

Responsible Disclosure

Resources

Docs

Announcements

Articles

Referral Program

Pricing

Search Library

Company

Careers

Linkedin

Twitter

products

Search (PeopleGPT)

Talent insights

Email Outreach

Built in San Francisco.

All rights reserved.

products

Search (PeopleGPT)

Talent insights

Email Outreach

Chrome Extension

Support

Help Center

Book a Demo

Email Support

Email Sales

Responsible Disclosure

Status

Resources

Docs

New Features

Articles

Referral Program

Pricing

Search Library

Video Demo

Legal

Terms and Conditions

Privacy Policy

Do not sell/share my information

Cookie Policy

Cookie Choices

GDPR & CCPA

Company

Careers

Linkedin

Twitter

SECURITY

Trust Center

AI Audit Center

Built in San Francisco.

All rights reserved.

In Scope

  • juicebox.ai

  • chat.juicebox.work

Out of Scope

  • Automated scanning tools

  • Social engineering attacks, especially those involving [Your Startup's Name] employees

  • Brute force attacks

  • DDoS attacks

  • Clickjacking on pages without sensitive actions

  • Theoretical vulnerabilities without demonstrable exploitability

  • Attacks requiring physical access to a device

  • Denial of service attacks

Out of Scope

  • Automated scanning tools

  • Social engineering attacks, especially those involving [Your Startup's Name] employees

  • Brute force attacks

  • DDoS attacks

  • Clickjacking on pages without sensitive actions

  • Theoretical vulnerabilities without demonstrable exploitability

  • Attacks requiring physical access to a device

  • Denial of service attacks

  • A summary of the vulnerability and its potential impact.

  • Detailed steps to reproduce the issue, including screenshots.

  • Your environment details, such as operating system, browser, and device.

  • If possible, include proof-of-concept code that demonstrates the exploit.

  • Test vulnerabilities only on your own account. If testing involves another account, ensure you have explicit permission.

  • Avoid copying, modifying, or destroying production data.

  • Refrain from activities that cause downtime or degradation of our services.

  • Adhere to our privacy policies, terms of service, and applicable data privacy regulations.

  • Do not disclose the vulnerability publicly until it has been reported to us and adequately resolved, allowing us reasonable time to address the issue.

  • juicebox.ai

  • chat.juicebox.work