Responsible Disclosure Policy

Effective date: June 25, 2026 Last updated: June 25, 2026

ServiceVisit Technologies, LLC ("ServiceVisit") values the work of security researchers and the broader community in helping keep our websites, applications, and related services (the "Platform") safe. This policy explains how to report a security vulnerability to us, what we ask of researchers, and what you can expect from us.

1. How to report a vulnerability

If you believe you have found a security vulnerability, please report it privately to:

Please include enough information for us to reproduce and assess the issue, such as a description of the vulnerability, the affected component or URL, steps to reproduce, and any proof-of-concept or supporting material. Please do not include more sensitive data than necessary to demonstrate the issue.

2. Please do not disclose publicly

Give us a reasonable opportunity to investigate and remediate before disclosing the issue publicly or to any third party. Coordinated disclosure protects users while a fix is developed and deployed.

3. Permitted testing (scope and rules)

When testing in good faith under this policy, please:

  • only test against accounts and data that belong to you, or for which you have explicit permission;
  • stop as soon as you have confirmed a vulnerability, and report it;
  • avoid actions that could harm the Platform or its users; and
  • comply with applicable law.

The following are not authorized:

  • accessing, modifying, deleting, or exfiltrating data that is not yours;
  • degrading, disrupting, or denying service (for example, denial-of-service or load testing);
  • social engineering, phishing, or physical attacks against ServiceVisit, its personnel, or its users;
  • spam, or sending messages to other users; and
  • automated scanning that generates excessive traffic.

4. Safe harbor

We will not pursue or support legal action against researchers for security research and vulnerability reporting conducted in good faith and in accordance with this policy. If legal action is initiated by a third party against you for activities conducted within the scope of this policy, we will take reasonable steps to make it known that your actions were authorized under it. If you are unsure whether specific testing is authorized, contact us first at security@servicevisit.com. This policy does not authorize actions that violate applicable law, and it does not waive any rights of third parties.

5. What to expect from us

When you submit a report in line with this policy, we aim to:

  • acknowledge receipt within a reasonable time;
  • investigate and validate the issue and keep you informed of progress as appropriate;
  • work to remediate confirmed vulnerabilities in a timeframe appropriate to their severity; and
  • recognize your contribution where you wish to be credited, after the issue is resolved.

[Specify the response timeframes you can commit to — e.g., acknowledgment within X business days. Do not commit to timeframes you cannot meet.]

ServiceVisit does not currently operate a paid bug-bounty program. This policy describes coordinated disclosure, not a rewards program.

6. Relationship to other policies

This policy is the authorized channel for security testing referenced in our Acceptable Use Policy. Our overall security approach is summarized in the Security Overview.

7. Changes to this policy

We may update this policy from time to time. The "Last updated" date above reflects the most recent revision.

← Back to Legal Hub

ServiceVisit Sales

Pre-sales questions? Ask away.

Say hello to get started.