Vulnerability Disclosure Policy
At MorphCast, we take security seriously. We appreciate the efforts of security researchers and individuals who help us improve our platform by responsibly reporting vulnerabilities.
Scope
This policy applies to any vulnerabilities found in:
- Our website (
morphcast.com) - Our SaaS services and APIs
- Any official MorphCast software
How to Report a Vulnerability
If you discover a security issue, please report it using our Feedback & Abuse Form. Select “Security Issue” as the category and provide as much detail as possible, including:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Any potential impact
Alternatively, you can email us at security@morphcast.com.
What to Expect
- We will acknowledge receipt of your report within 5 business days.
- Our security team will investigate and respond as soon as possible.
- We may request further details to assess the impact and verify the issue.
- If valid, we will work on a fix and update you on the progress.
Responsible Disclosure Guidelines
We ask that you:
- Do not exploit or publicly disclose vulnerabilities before we have resolved them.
- Do not access, modify, or delete user data.
- Avoid actions that could degrade the availability of our services.
Out of Scope
The following are considered out of scope:
- Denial-of-service (DoS) attacks
- Social engineering or phishing
- Vulnerabilities in third-party services
We appreciate your cooperation in keeping MorphCast secure!