Roomote

Security

Protecting Roomote, customer data, and connected systems matters to us. If you believe you have identified a security issue affecting Roomote, please report it privately to security@roomote.dev.

1. How to Report a Security Issue

Please include as much of the following as you reasonably can so we can reproduce and triage the issue quickly:

  • a clear description of the affected page, feature, endpoint, integration, or workflow;
  • step-by-step reproduction instructions, including any required account or permission assumptions;
  • the impact you observed or expect, such as account access, data exposure, privilege escalation, or service disruption;
  • screenshots, logs, proof-of-concept requests, or other evidence that helps us verify the report;
  • your preferred contact information if you want a follow-up response.

2. Responsible Disclosure

We ask that you give us a reasonable opportunity to investigate and address the issue before sharing details publicly. Please avoid any testing that goes beyond what is necessary to confirm the vulnerability exists.

  • Do not access, download, modify, or retain data that does not belong to you except where minimally necessary to demonstrate the issue.
  • Do not intentionally degrade service availability, trigger denial-of-service conditions, or send spam.
  • Do not use social engineering, phishing, physical intrusion, or attacks against third-party accounts, infrastructure, or personnel.
  • Stop testing and contact us as soon as you confirm a finding with potential security impact.

3. What to Expect From Us

We review incoming reports, investigate credible findings, and prioritize remediation based on risk, user impact, and active exposure. We may contact you for clarification or additional reproduction detail if needed.

Where practical, we aim to keep reporters informed as triage and remediation progress. Some issues may require coordinated disclosure timing so users can be protected before details are made public.

4. Safe Harbor

If you act in good faith, follow this policy, avoid privacy violations, service disruption, and destructive activity, and promptly report the issue to Roomote, we will not pursue legal action against you for the testing described in your report.

5. No Bug Bounty

Unless Roomote explicitly announces otherwise, we do not operate a paid bug bounty program and cannot promise compensation for vulnerability reports.