Responsible Disclosure Policy

SmartRent takes security and privacy very seriously for our users, our products and our staff. If you have discovered a vulnerability, we encourage your help in disclosing this to us in a responsible manner.

SmartRent will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate, respond and fix vulnerabilities in accordance with our commitment to security and privacy, as well as our policies. At SmartRent’s discretion, you may be eligible for monetary compensation for your efforts if you are the first to report a vulnerability and include detailed information to reproduce the vulnerability. We will not take legal action against, suspend or terminate access to the platform those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. SmartRent reserves all of its legal rights in the event of any noncompliance.

Guidelines

Don’t disclose a bug or vulnerability in the public domain, prior to Responsible Disclosure without consent from SmartRent.

If a vulnerability is discovered, you are not authorized to exploit the vulnerability to compromise any data exposed and you are not authorized to view any data exposed by the vulnerability.

  • Do not perform DDOS / spam attacks.
  • Do not use scanners or automated tools to find vulnerabilities.
  • Never perform phishing, social engineering or physical attacks against our users, employees, or infrastructure.

The scope of this policy includes vulnerabilities discovered on any of our mobile apps, the SmartRent platform, or any smart hubs used by our platform. If you have any questions about the scope of this policy, please contact [email protected].

How to Report an Issue

If you believe you have discovered a vulnerability, please contact [email protected]. Please do not publicly disclose suspected vulnerabilities without consent from SmartRent.

In reporting vulnerabilities, please send details of:

  • Suspected vulnerability including reproduction steps that we can follow.
  • A private, secure communication channel through which we can contact you such as your email address.

Response

Our security team will investigate any details you provide immediately upon receiving a vulnerability report.

PGP KEY

-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFxKO6IBEADWdDeXxgnN6hgFW4MLUQaS8Kzh7v6s2FknCgBClI4J/Dk5OIym twxJ45UHGzctgcgg/BiDtOpV1whE9ebNEb4gNRPqO9lUf4hS+M9KLV3XDmpGbZUM YaXshMLsj7WHG4WJzwT773RAN2ekzUMPuPMvygW3H7IojGWj/QE6p7d+WkL5Pg7O Bvm6SZZfLnczcRnK+12NMJizZ0v7SZP6UX84daVhm/KGKr9p9hJLdESzZm/CdVAi r3ZdjRY3/0R7XH8yiY3j6ctJ8UUx1uzbM3VRRoZcCdYvpfScQQRR2cPYpGJYY45m cw90NjYs8mSL6BK4VPtbA06YUtJxcRWHfHt+x7hFqnXdspbdowVMbGSwgbUsj5ec ERm2nFBJHTBXQgBRBZFU3KT4IDNN1mtveoN814EvrVBWW0T4VZX94oheuR+S96dd u+hKXV3O1im2Xl4QMlRFCNHiOvdAViV3gPw0OPMANPQQwUtiHJU943Jr4JlP4jCn lkU1TVp0Lh2VzBcFRt92WVNZkHyN9Euo9I4qcIrkt7zHzuWuAFzUUlROBRZjhEtR ammmg5IAEY4lG4DgQ8c8y+4jC+E5MKhObkez34vY+evFSfDlD9bdHISozygrawuZ zVfcRxmGFMsh1F5dlHWm4hdGxw+1LJ77AX+jnV19bb2jgt7vm84pzFnUxQARAQAB tCdTbWFydFJlbnQgVGVhbSA8c2VjdXJpdHlAc21hcnRyZW50LmNvbT6JAlQEEwEI AD4WIQSYU52NTh5V9WbwpjHgNy/gf6YiiQUCXEo7ogIbAwUJB4YfgAULCQgHAgYV CgkICwIEFgIDAQIeAQIXgAAKCRDgNy/gf6YiiX9fD/9/QyErE8+FMjSM2YO0B9pt bzNVnnwDr/0tnFXkQVNw3hIUtAExQwo8a73fAdrL0HBeTumr/3MQdE6puQHXijnG IgC9ID76jFAOgBnyqySWf/YeC+i0fHE3Ts93brmicJiYSdZ/ymNBiA4oBjiPkPmJ vxOaXU6u/PxGkvJ17FRWo80Q4M9SgYfG9rKHOiKB8vSSWwYFGT7ySb2C5884jdXN CAd2/arONuH0TggBivCewaoLbQDdlgb1fLXFt+/ohZOyC79GojILVbGkclIrZSgw utFjSQ9roJnoMeh4jFypepGmBOosaUs40sRto3VVwsArqejWxekNll6d9B+sQMUs sq2xCIHBeOEIIw4y1vkjlAeO9BgHrSVdxZjWdAo6VzfMU/Wu5Vzje7Ios2DnBS9a 2cpDNNOX37QDrqWIfv5OdeVIpxVBgsLCtUKQLLDY9nRR8E13BNPnTxfiCZuMrvSn /7Z8mrzvx1D/ngrq2t2AlMv6vPRUj+3APCcIcDp2MUt1M8qFoSKokNbjElgO8d6Z TvK7tWvS2eWoICrs7Er9UGUXC0J2ueDOyYSLS9+KDAoyd2B7TktzB28+1uPgGsQC YcbK4v/6s881LeM/aPbvti6/KEW/F9rOv3hXIMm4xjtQuH0yq4no0TTb+MvK9BGM HYnN30yryprgxj0dRvWG+7kCDQRcSjuiARAA1Ht5E28ateszUhF7dokyMZGApbpF go/MsTGbVSyrm6krczNcbaKdtSApK6Y0L7fIVT5zROt4kvCLvOdfAAdCdKG0M4od 64ug464qRKC35f/O8w/kMMPixkhC+mkuG9OYhmMydBK/epCFuo/L80ErCSLB0XWj 8mTvZcZ5qXGCtWEDgnhIuW7Y6S9+WqCFW8K8I1tp9cLVwKm4tj2k1Uw0nRdV7ftZ rVqENYJpXjcq3EEWyYszPx/EB4dt0n8Og8QC+0khAaFU5gyv4u2vvPzK3Nd1X9s6 Tpfnh2LlQyIID2dkkdxH1k/CCE5lq9v9TDgl+ZYJkglSbiDxauv4RGqrvCAOmOvA Hk0n8xTW4YPTNATafF0SMT91PrmXKcRW9ziwLM15Z5DjLvV2YawYaiG6PjypeBs5 GvIUp7XkSP98twz6/evIh5wV2O8NhOpKSRvmgq9KzKKsrITFSuouzD1vIB+gEysD ZMejHzjvib5eIgCRpaTPHNlDi8nb2Tn7kg1RyMeFvQItQwyMnVF0oAajfWRfLkdA JYDr3DZQdJfXmaGF7qZjsVFGakTQ6qT0tc/V1M5FTQeIa2O4sP1jll1LFzxbcnYX U8wvazNjLq3vBx/EzygVyLU9gJ9sFYWkSZiX+yefnovmbAi+vfr52Gs+Ejtk2/be 6llpWOmigQiVQ+sAEQEAAYkCPAQYAQgAJhYhBJhTnY1OHlX1ZvCmMeA3L+B/piKJ BQJcSjuiAhsMBQkHhh+AAAoJEOA3L+B/piKJYHgQAKGagm5rs2s59pRLKwT/vMoq 9x/nARffgYfQimn2yFtMZ3sZocW4xIxc5jz8ii2h+emJQmAkxyfnUiAJfl/b8Z2G 10yDa6UXDuOyMLLoADLNX8WPARqYwu8vCeaUOwY72g6JgQ4hpW4KrmGmgsqcVjV7 xu6ETJP0NlRj9Mb2TlkGjuFhi2ZmyeMqQY06Ugz9p5vZyOGjMU4rS30fxL4O5ahO fovIfH1ykSDdp5GbNqh+geg9Q2y+mQShQIzYBE/TN8hOADRsERLi8ULoSchiCMLT d5EjkDECodcW70w9Eq+3sFcCyhmiB8cawBhwxRYgSXiiEVZj0Qk+RnbBShRoDZxD X3BMLRDN/zUE2jB4A6ZCi9f1w2i3QV2HZG4raJc7+K3oVvV7Q9msPVs0AeT3AfWx e/f2PPh+LpcgVv/aeKkKhu1ob1tS/NUgmNYU1LS1n+lWRQQFjLiDbGhrUnP29TSd RsDdCG2VmEJ6WnqUhaTGe6l0dLcvjiYqEyhAFjIAIKIWutnbx/ShANSbw9evyE9+ 7Nha7a7PbIzTMLufgdGBeLSfb35uomEppBlpWxZZHrT7wgWK0rfiDBqhIRBH5zzK HEntjBLzLMQOIJKY9ESlAci2H4c5nIRic2YjgizDKgDw9riptDpmRb1gXT0FsazE S1FVY/DbeUY98aODGLnm =MHxu -----END PGP PUBLIC KEY BLOCK-----