Apps365 Responsible Disclosure Policy
Help us keep our products secure. If you discover a potential security vulnerability, report it responsibly, and we’ll work quickly to investigate and resolve it.
Purpose
Apps365 welcomes responsible security research and encourages good-faith reporting of potential security vulnerabilities affecting Apps365 solutions. We do not operate a public bug bounty program unless explicitly announced.
Scope
- Public Apps365 websites, SaaS applications, APIs and cloud services are in scope.
- Customer-managed Microsoft 365 environments, third-party services, social engineering, physical security testing and denial-of-service testing are out of scope.
Safe Harbor
Researchers acting in good faith, following this policy and avoiding unnecessary access, service disruption or privacy violations will be treated under our responsible disclosure process.
Reporting
Send reports to [email protected] including affected asset, reproduction steps, impact, proof of concept and contact information.
Response
We aim to acknowledge reports within three business days where practicable and coordinate remediation and disclosure.






















