At Click Studios we are passionate about our products and take security seriously. Despite this, due to the fast-changing nature and complexity of the information security industry, we may inadvertently expose our software to vulnerabilities. If you believe you have identified such a vulnerability, please send us your report in a timely manner at Report a Security Issue. Your report should include the following items:

• Proof-of-concept code, including screenshots to help us confirm and replicate your findings
• Justification of any impacts and how they would affect customers if exploited

Once submitted, we request the time to properly and fully assess the details you’ve provided. Our process includes:

• Being able to first reproduce and confirm the vulnerability as described
• Determine a severity score in accordance with CVSS 3.1
• Consider any recommendations in your report
• Allow the Lead Development team to formulate an action plan

We kindly ask to maintain the report, content and email correspondence confidential until corrective measures are released to production. We will liaise with you to keep you updated until the issue is resolved.

Please note, exploiting any reported vulnerability abusively or for illegal, malicious or other inappropriate purposes, may result in legal prosecutions, leading to civil or criminal liability. An action is considered abusive or inappropriate when its purpose compromises customer-related or internal confidential information in an undue or disproportionate manner, or when such any action has some other aim than the demonstration of a vulnerability.