Vulnerability Disclosure Policy

We welcome reports from security researchers. If you believe you've found a security vulnerability in KudosCRM, please tell us so we can fix it.

Email security@kudoscrm.com with details to reproduce the issue. We'll acknowledge your report, investigate, and keep you updated.

Our application and APIs (app.kudoscrm.com and related services) and our website. Third-party services we use are out of scope — please report those to the relevant provider.

• Give us a reasonable chance to fix an issue before disclosing it publicly.
• Only test against your own account and data.
• Avoid privacy violations, data destruction, and service disruption.

• Access, modify, or delete data that isn't yours.
• Run denial-of-service attacks, spam, or social-engineering against our staff or users.

We won't pursue legal action against researchers who act in good faith and follow this policy. We aim to triage promptly and remediate based on severity.

security@kudoscrm.com