Better Data is committed to working with security researchers to identify and resolve vulnerabilities responsibly.
Scope
- In scope: All Better Data hosted services (app.betterdata.com, api.betterdata.co, admin.betterdata.co, registry.betterdata.co) and published OSS packages (@betterdata/scm-*, @betterdata/dcm-*, @betterdata/signal-tags-schema)
- Out of scope: Third-party services and infrastructure not operated by Better Data; social engineering; physical attacks
Reporting
Submit vulnerability reports to: security@betterdata.co
Include: affected URL or package, description of the vulnerability, steps to reproduce, potential impact, your contact information (optional)
Our Commitments
- Acknowledge receipt within 2 business days
- Provide an investigation timeline within 10 business days
- Not pursue legal action against researchers acting in good faith under this policy
- Credit researchers in release notes (with their consent) after remediation
Safe Harbor
We will not pursue civil or criminal action against researchers who: discover and report vulnerabilities in good faith, avoid accessing or modifying Customer Data, do not disrupt platform availability, and report promptly without public disclosure before remediation.