Responsible Disclosure Policy

Shieldfy aims to keep its Service safe for everyone, and data security is of utmost priority. If you are a security researcher and have discovered a security vulnerability in the Service, we appreciate your help in disclosing it to us in a responsible manner. Shieldfy will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate, respond and fix vulnerabilities in accordance with our commitment to security and privacy. We won’t take legal action against or suspend or terminate access to the Service of those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. Shieldfy reserves all of its legal rights in the event of any noncompliance.


You may test only against an Account for which you are the Account Owner. In no event are you permitted to access, download or modify data residing in any other Account or that does not belong to you, or attempt to do any of the foregoing. Scope:-

  • All domains and subdomains owned by Shieldfy inc. https://*.shieldfy.* that points to Shieldfy services not outside 3rd party services.
You are also prohibited from:
  • Executing or attempting to execute any “Denial of Service” attack
  • Bruteforcing attack on anykind
  • knowingly posting transmitting, uploading, linking to, sending or storing any malicious Software
  • Testing that leads to unsolicited or unauthorized junk mail or spam
  • Testing in a manner that would degrade the operation of the Service
  • Doing or attempting to do any type of social engineering on Shieldfy employees or Shieldfy customers


Share the details of any suspected vulnerabilities with the Shieldfy Security Team by sending an email to Sending an email to any other address is strictly prohibted.
please include the following information on your report :--

  • Vulnerability details with information to allow us to efficiently reproduce your steps
  • Screenshots, videos, files or any other POC.
  • Your name, email address, twitter handler as it should be displayed on thanks list if you would like it to be

Please use PGP to encrypt your report.

Public Disclosure

Please allow us the reasonable amount of time to invistigate and resolve the security issue before asking for public disclosure. Any publicly disclosure of the vulnerability without express written consent from Shieldfy inc. will be faced with legal actions.

Have a question?

Not sure exactly what we’re looking for or just want clarification? We’d be happy to chat with you and clear things up for you. Anytime!

Email us