Disclosure Policy

• If you believe you've discovered a potential vulnerability, please let us know by emailing us at support@slate.ai. We will acknowledge your email within 5 business days.
• Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within 10 business days of disclosure.
• Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Slate service. Please only interact with accounts you own or for which you have explicit permission from the account holder.

Exclusions

While researching, we ask that you refrain from:

• Distributed Denial of Service (DDoS)
• Spamming
• Social engineering or phishing of Slate employees or contractors
• Any attacks against Slate's physical property or data centres

Scope

• The Slate application hosted at app.slate.ai
• APIs and services that support the Slate platform

Out of Scope

• Marketing and static content websites
• Third-party services and applications
• Theoretical attack vectors without proof of exploitability