Responsible Disclosure Program

At Swoogo, we strive to build high quality, reliable, and secure software that brings a high degree of value to our customers and strive to do so with efficiency and creativity. We value and welcome ethical hackers to find and report vulnerabilities to us. Our Responsible Disclosure Program (“RDP”) guidelines are listed below.

Program Terms

Please note that your participation in the RDP is voluntary and subject to the terms and conditions set forth in this document (“Program Terms”). By submitting a site or product vulnerability (each, a “Submission”) to Swoogo, LLC (“Swoogo”) you acknowledge that you have read and agreed to these Program Terms.

These Program Terms supplement the terms of the Swoogo Event Cloud Order Form, the Swoogo Privacy Policy, and any other agreement in which you have entered with Swoogo (collectively “Swoogo Agreements”). The terms of those Swoogo Agreements will apply to your use of, and participation in, the RDP as if fully set forth herein. If any inconsistency exists between the terms of the Swoogo Agreements and these Program Terms, these Program Terms will control, but only with regard to the RDP.

To encourage responsible disclosures, Swoogo commits that, if we conclude, in our sole discretion, that a disclosure respects and meets all the guidelines of these Program Terms and the Swoogo Agreements, Swoogo will not bring a private action against you or refer a matter for public inquiry.

As part of your research, do not modify any files or data, including permissions, and do not intentionally view or access any data beyond what is needed to prove the vulnerability.

Disclosure Guidelines

By providing a Submission or agreeing to the Program Terms, You agree that you may not publicly disclose your findings or the contents of your Submission to any third parties in any way without Swoogo’s prior written approval.

General Guidelines

  • You may not commit any privacy violation, degradation, or disruption to the availability of our production systems during your testing.
  • You may not attempt to brute-force or spam our systems. 
  • If the identified vulnerability can potentially extract information about our customers or systems, or impair our systems’ ability to function normally, then you must refrain from actually exploiting such a vulnerability. This is necessary for us to consider your disclosure a responsible one.
  • You must keep your disclosure confidential between yourself and Swoogo until we resolve the issue.
  • We will undertake reasonable efforts to confirm and fix issues promptly.

Vulnerability Submissions

Please report any security issues you find to [email protected]. If your submission contains any sensitive vulnerability information, please encrypt it using our PGP public key at the bottom of this page.

Please include the following in your submission:

  • Your name and contact information.
  • Company name (if applicable).
  • A detailed description of the potential vulnerability.
  • Exact steps to reproduce the issue, including any associated URL and parameters demonstrating the vulnerability.
  • The relevant details of your system’s configuration, such as any browser or user-agent information and operating system version.
  • Your IP address and Swoogo account or event registration, so we can coordinate your activity with our logs.

Ownership of Submissions

As a condition of participation in the Swoogo RDP, you hereby grant Swoogo, its subsidiaries, affiliates and customers a perpetual, irrevocable, worldwide, royalty-free, transferrable, sublicensable (through multiple tiers) and exclusive license to use, reproduce, adapt, modify, publish, distribute, publicly perform, create derivative works from, make, use, sell, offer for sale and import the Submission, as well as any materials submitted to Swoogo in connection therewith, for any purpose. You should not send us any Submission that you do not agree to license to us. You hereby represent and warrant that the Submission is original to you and you own all right, title and interest in and to the Submission. Further, you hereby waive all other claims of any nature, including express contract, implied-in-fact contract, or quasi-contract, arising out of any disclosure of the Submission to Swoogo. In no event shall Swoogo be precluded from discussing, reviewing, developing for itself, having developed, or developing for third parties, materials that are competitive with those set forth in the Submission irrespective of their similarity to the information in the Submission, so long as Swoogo complies with the terms of participation stated herein. 

Confidentiality

Any information you receive or collect about Swoogo or any Swoogo user through the RDP (“Confidential Information”) must be kept confidential and only used in connection with the RDP. You may not use, disclose or distribute without Swoogo’s prior, written consent any such Confidential Information, including, but not limited to, any information regarding your Submission and information you obtain when researching the Swoogo sites. 

Indemnification

In addition to any indemnification obligations you may have under the Swoogo Agreements, you agree to defend, indemnify and hold Swoogo and its subsidiaries and affiliates, and its and our officers, directors, agents, joint ventures, employees, and suppliers (each, an “Indemnified Party”), harmless from any claim or demand (including attorneys’ fees) made or incurred by an Indemnified Party and/or any third party due to or arising out of your Submissions, your breach of these Program Terms, and/or your improper use of the RDP. 

Changes to Program Terms

The RDP, including its policies, is subject to change or cancellation by Swoogo at any time, without notice. As such, Swoogo may amend these Program Terms and/or its policies at any time by posting a revised version on our website. By continuing to participate in the RDP after Swoogo posts any such changes, you accept the Program Terms, as modified. 

Thanks!

We really appreciate you working with us to responsibly submit a disclosure and working with us to improve our security. We recognize the work and talent you’ve put into finding these issues and thank you for reaching out to us.

Our PGP Key

If you are submitting sensitive vulnerability information or wish to communicate with us privately about your concern, please use the following PGP key to encrypt your message to [email protected].

-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBGoypOgBEADLRPjol2kIgdK5uGC1/Eev0NhLiTUTdz5vCO/wZ0gFotaN09Za
2CaO0J15yoz6n2KzA3/cKiAr4RufTkhjGSOfR3e094QbmteLDyJYYHNoVWubbg6r
3jyaHK+8qnwRpeYjPiHYy4G3lW6PanXFAknte1i+lxk6lCYi45NkG9zD47RqKaEG
1IQM2PpPYJV3MxL5sPPertR/J1xzgKUKuaLjZHJHVRa2q6upxMmbe8i/sUjYlzye
bDjZANGSViu6fxD6HKw7U8JZA5gXf8igPceu7FqshUm/Yx8mRyUFf0j2SvOX+PqE
80N+eCLR6UY4qpXh0VBYKAEPSZVPR6n/cdk0TokYgTLcvYCkNfVWc3RvvIfA3yqh
/tD58eI5qS4h+6db3cCxRNJaC0HOkeX4HCtSmWSaqGhMi/TqteN+J9u85qGtN6tZ
DM09p+kPN4YEx88q1QJLyqqycSQSwGc4tk9ZXhUyxNapvqERq/1DcZBqktcrUaTx
EFshndyyMXWmJBfoCNNFtcp0LINJTUyIyVGQu5apOeIE7RtiKokG3/BSYr5MAKZu
i4Dc8voG0QrO403+Lx3WfN89GoA9WF7dvGsWv0tUclcYteaHSNpLRHoYvArXnk6u
QK8OwxtqPjyn6tmSNmzE+QaHORFskADjrjQdqYYPdVlP7hylZ7zUVQJVqwARAQAB
zSNTd29vZ28gUHJpdmFjeSA8cHJpdmFjeUBzd29vZ28uY29tPsLBeAQTAQgALAUC
ajKk6AkQxG7j6AWsrY4CGwMFCR4TOAACGQEECwcJAwUVCAoCAwQWAAECAABpUxAA
QzA2S38ErRdkpPutZydqhTS/XlyyltuYaBv8O92tgwLdasak6ygabuFURNUcAg7T
DXmY7hIuAonAC+QDUUJq3+Pd0OJfJGcjGvDiP9dFY4sA/X3JNSh3G/Q4yDL53/rg
eVwVSB3i6qDpm6E13MPpH36d3x8twJbQKnuJ+Ilh2sInYjcsYEtLnTHFCuSF5mEJ
HmkYg0F/iQl85yupWFVu8bILrLaIRIctJRpuUiN5uNytWKRNhi/yBuKpK3bedvzK
qHhUwyi8f3AXWStC4XB/W1ZZIZV6XXpC3coa1NQk1LSu4Sa9mR1VDSTbYxlWiwTL
GG4rR7exe/FEQ6d3sELHvrOwqndhJvcK+Qs71K+UQvkAKQCLyZ2wZ/YnllsrPR0c
YfWlm/Gr9lVJPB+E4Ysdw2cg33ozClZ5vYEM7dRcwkjZ+ufzTMEtSQ8wpUO8f68b
7nLZYPz9R1I+YzNuOOYzrzgO6pEKEX5k1ARZjc56uTVzyh7Ac/Idaz/28jllklKm
upgVJwTIyuGc1Gr+NsNSa8A6WMy59N38SztGJtTkSa3kyNyTEjBaWKB3Hc/NR+WJ
pNBv7I3zCqwQ3EZ0maBnosU/OC5PBeutXYoZ4hNKzeO5cgOgynVNbg4DxXxaQKML
sZtNwcWnerNhh2Ari1PBuRN1oBCjJ49kKvnW1G8QgDDNJFN3b29nbyBQcml2YWN5
IDxzZWN1cml0eUBzd29vZ28uY29tPsLBdQQTAQgAKQUCajKk6AkQxG7j6AWsrY4C
GwMFCR4TOAAECwcJAwUVCAoCAwQWAAECAAAvPBAASyN8bbsQ1Iz+HKPwMpQm0uje
oxd2cMyM8hVJD/klCon9MXcC2QTMhYhfhjzS54YDaRdlL5Twkor3sNRuMqryQf4n
zaq3MIN7Ex9L8z5HGkOMFjoY/t0ZIFNNaxQNDIqkn95wIETECdb+nPvC4KZOlGxZ
mh5jzKJEKOaAJ99AiyD/63kVMrHHvtoL/uN/ApBeJ+7rPXw0t3JWPkqfSmbOKbOI
qk4t0C0ozfrDo+Is3GiHpnpKVBf1ISUj1d4Xccqf5RDGZFi2jTJac9dScKboTvQn
X19Emw7KsY5CMjQIFeI5OjyMOn0oM9VDFWCAHl/vp4aRTUNXgoIPf96ENESJhd6R
Zw1xXG1vr1y61p0yqYG1ReBmybfuV/Wpl/6qIn9NcIW2+sCLKcc7UAAAoQYRAR1C
PFu450ac9UwUGlntus/q1QDhHWihaNOXb3Td1fxszG5tKT7pG5QkBSaQk1cUZ9l4
RDX1CZQ9/55BEvD6Pvrb213tHCGaiQ9gs9URjrddHu9JvcMdvPpb48t1v6gNvt7X
Yo0jIoF6Hp1IDiJrcWB7MAabmARI4lL+2McgeZEHigkZyeNSyv05zwiwQFRfHZEB
TC595HXOjEolMku2x30IQhiReeKHD6uOXSEJgWje9tMsJttYkOtAE5+wzeVMJRBJ
Z/rrVaVOy3MSZJAFEc7OwU0EajKk6AEQANBGbnfCcqaU7nSWAF28sFN4hyfAfx8q
ArtZab0E+jGtAPvz2HYa92n7Kxm9P7gg7phYXMaEVRMzRjHSlQ60TvktaitNGyzt
nPxK9VJnb7ecKH0dpv2TMee82INwL/WtzH7zH6c5uHCAHLnznTrZ6aftDGTia1TR
bgiznUHXBq0qxUIJPDFNZO9Ge9BvEmCGmKJFIY/t1WN79v2I7dLmkDWJK/ZiorVY
03Vm5c6vE7zuizlyc/hJ0ah54mLvZeXAPa+d8bIZMyGnbHZcMfCGzk6z0Nf4Ssen
vJBBnnlf8JD47xaXLP5TTDBGMoQ3GF9y+KncawLnAKXwvQxj/2/WPvr2ZrLC8b6T
aX3Eob1zI4rkx+/gH/Q61bntxF5dZNr7yOsZYQZvIYD4inqabIuHYoOO8krDF6Jl
XTTUT0diRK4BHYclJ+TbnXBJTxMYP+ngRC3oHP78P25mE+n9Iy7oKlLYeYJjncrg
1CFBx7oTl946VXfYjFQIjmc4pEO4ceW/ZBNzBksRbN5NK3KTvc1HrKpd42XkDmGh
1YNyIsiWGFqB3YrM6kT0Y/i65riCSTwuaHgSxUi4sbajIOad94L2TVsIwyCAOKDb
1mkUqGPWYU8wCGwVM9UqbkyMJmi80ucSW3/zmyU+UGhp9xuFkB+3lXua4eJHXbhq
DGw8i1u6COFdABEBAAHCwXUEGAEIACkFAmoypOgJEMRu4+gFrK2OAhsMBQkeEzgA
BAsHCQMFFQgKAgMEFgABAgAAFKYQAAXtPgknUhSmTO/SSsWCilvw6K4ln0PihVCY
5hrWh6RQGNTTYeNiNLiL+lHrPtmfSVCunI4kZ4enD1yfSeZCot2i795ONfLtBy3p
jw78I5+Z9p8DUm6tUV6OFxrS7/TSRNXMAX1OX5AnyfvXeG97SprQEbFXWV4u4Oyu
EXRozhm/DWecH2XdBO9w7lmkuVq5dKJurjXTesQp719SYcxkLltfZCAusBn290Ak
WFt61dzpwgnJEHNpNe670/3DrBA/YHwumFlNFy36LYF9Xj4saDGwH68XeCeT4VsJ
g8lhbyqezRS4SFYp1cQJ6WVrn86c9BRiYFp188J2WqwNOLxMt63xxUWrjzcRmJof
v8DcC77ux+MmSvA3W7ke7kWvFmyXu8k3JyHD10oUoYMTNuQd3S/j6rIuPMxgVAzL
ztnJDtnHH91TvkC47/xkNZ7HDPpuvNyF9n6PWWkz/Cm9RZhvYmeTfLDfbropYn7c
C/CfdqwYVBmNQpz7ad0YQLNpEWljfK67BKYy/9vo/kt+QkQ34AOPEMDswbQo6rzq
5d652kYBHQ+Sqrysk+7B78so+vL+1FBvecGW9nfN05334tOeTfxIMm7EuylH4h1f
vkcgB8u1sHe570JwOjEW18jqIhhpxI07lZhRYiQ+4nH4iWepQ7fztkcJns/NFRVz
rVBn9kL2
=h7dZ
-----END PGP PUBLIC KEY BLOCK-----