Responsible Disclosure

Reporting Guidelines

  • Reach out to, if you have found any potential vulnerability in our products meeting all the below mentioned criteria. You can expect a confirmation from our security team in about 48 hours of submission.
  • Please refrain from doing security testing in existing customer accounts.
  • When conducting security testing, make sure not to violate our privacy policies, modify/delete unauthenticated user data, disrupt production servers, or to degrade user experience.
  • You’re allowed to disclose the discovered vulnerabilities only to Documenting any potential In/Out of scope vulnerability to the public is against our responsible disclosure policy.
  • We encourage you to encrypt your message with our public key to ensure that it it remains safe in transit.

Qualifying Security Bugs

All bugs that are reported are qualified based on its impact on customer’s production data.

We will consider other security vulnerabilities if it is making an impact and exploitable with a working non-intrusive POC.

In Scope Domains


Bugs Severity

Klenty will define the severity of the issue based on the impact and the ease of exploit.

Response Time

Acknowledgement Within 48 hours
Time taken to resolve Based on the Severity

Hall of Fame

We would like to thank the people listed here who have identified and responsibly disclosed security vulnerabilities with Klenty.

  • Sourajeet Majumder
  • Alwoares Naeem