If you believe you’ve found a security vulnerability in Stitch, we encourage you to let us know right away by emailing firstname.lastname@example.org (optionally using our PGP key). We request that you do not publicly disclose the issue until we have a chance to address it and we won’t pursue legal action as long as you make a good-faith effort to avoid privacy violations and destructive exploitation of the vulnerability.
We will respond as quickly as we can and reward the confidential and non-destructive disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our users' data (such as bypassing our login process, injecting code into another user's session, or acting on another user's behalf) with some swag. Other issues may be rewarded at our discretion.
If your database(s) or SaaS account(s) have been hacked, we recommend that you immediately recycle any credentials used to access your system or service, generate new ones, and update the credentials for the appropriate integration(s) in Stitch. Our team can help you remediate any data issues that might have occurred as a result of the breach.