Responsible Disclosure Policy

Last update: February 05, 2024

Streamkap is committed to ensuring the safety and security of our customers. We aim to foster an open partnership with the security community, and we recognize that the work the community does is important in continuing to ensure safety and security for all of our customers. We have developed this policy to both reflect our corporate values and to uphold our legal responsibility to good-faith security researchers that are providing us with their expertise.

How to Submit a Vulnerability

If you have discovered an issue that is not part of our out-of-scope vulnerabilities, please send an email to with the following details:

  1. A summary of the issue and potential impact, a breakdown of the steps to replicate the issue, details of the environment you are using, If available, any proof-of-concept code to exploit the vulnerability.
  2. Upon receiving your email, our team will start investigating the issue. We will keep you updated on the progress and may reach back for further details if needed.
  3. Of course, we want to compensate your effort, so for any valid vulnerabiities with a CVSS score of 4 or higher, we will reach back to you with a financial reward.
Focus areas

In scope

Out of scope

We kindly ask you

Only test the vulnerability on your own account or with explicit permission from the account holder.

Make a good faith effort to avoid privacy violations, copying or destruction of data, and interruption or degradation of our service.

If you obtain remote access to our systems, do not attempt to expand or elevate access to other servers.

To prevent further exploitation, please do not make the vulnerability public before reporting it to us, and give us adequate time to address the issue.

Safe harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.