Responsible Disclosure

We value the security research community and welcome responsible disclosure of potential vulnerabilities.

Our Commitment

Grain Analytics is committed to ensuring the security of our platform and protecting our users' data. We appreciate the efforts of security researchers who help us maintain the highest security standards.

If you believe you've discovered a security vulnerability in our platform, we encourage you to report it to us responsibly. We will work with you to understand and resolve the issue promptly.

Scope

What is and isn't covered by this policy

In Scope

grainql.com (main website)
api.grainql.com (API endpoints)
@grainql/analytics-web SDK
Authentication and authorization flows
Data privacy and isolation issues

Out of Scope

Social engineering attacks
Physical security testing
Denial of service (DoS/DDoS) attacks
Third-party services (Auth0, Stripe, etc.)
Spam or content injection without security impact

How to Report

Please follow these steps to report a security vulnerability

1. Email Our Security Team

Send a detailed report to security@grainql.com

• Encrypted communication available upon request
• Use a descriptive subject line (e.g., "Security Vulnerability: [Type]")

2. Include Detailed Information

Help us understand and reproduce the issue by providing:

• Description of the vulnerability and its potential impact
• Step-by-step instructions to reproduce the issue
• Proof of concept (PoC) code or screenshots if applicable
• Any tools, settings, or configurations used
• Your assessment of severity (Critical, High, Medium, Low)

3. Work With Us

We'll coordinate with you throughout the process:

• Acknowledge receipt within 48 hours
• Provide regular updates on our progress
• Coordinate disclosure timeline (typically 90 days)
• Credit you in our security acknowledgments (optional)

Response Timeline

Our commitment to timely vulnerability resolution

Initial Response: 48 hours
Triage Assessment: 5 days
Fix Timeline: 7-30 days
Coordinated Disclosure: 90 days

Fix Timeline by Severity

Critical: 7 days
High: 14 days
Medium: 30 days

Safe Harbor

We will not pursue legal action against security researchers who:

Report vulnerabilities in good faith
Make a good faith effort to avoid data destruction
Do not access or modify user data beyond what is necessary
Keep details confidential until we resolve the issue
Do not exploit the vulnerability for personal gain

Recognition

We value your contribution to our security:

Public acknowledgment on our security page (with your permission)
Credit in release notes for fixed vulnerabilities
Direct communication with our security team

Security Researchers Hall of Fame

No vulnerabilities reported yet. Be the first to help us improve our security!

Found a Vulnerability?

We appreciate your help in keeping Grain Analytics secure. Report it to us today.

Response within 48 hours • Coordinated disclosure • Safe harbor protection