Skip to content
ViewStage

Trust

Security & responsible disclosure

We take the security of creator and brand data seriously. If you believe you have found a vulnerability, we want to hear from you.

Reporting a vulnerability

Please email security@viewstage.io with a clear description of the issue. Our machine-readable contact is published at /.well-known/security.txt (RFC 9116).

What to include

To help us reproduce and fix the issue quickly, please include:

  • A description of the vulnerability and its potential impact.
  • The affected URL, endpoint, or component.
  • Step-by-step instructions to reproduce it.
  • Any proof-of-concept code or screenshots — kept to the minimum needed to demonstrate the issue.

Good-faith safe harbor

We will not pursue or support legal action against security researchers who report vulnerabilities in good faith and in accordance with this policy. Acting in good faith means you:

  • Avoid privacy violations, data destruction, and any interruption or degradation of our services.
  • Access only the minimum amount of data needed to demonstrate the issue, and never access, modify, or retain another user's data.
  • Give us a reasonable amount of time to remediate before disclosing the issue publicly.
  • Do not exploit the issue beyond what is needed to confirm it.

Scope

This policy covers viewstage.io, its subdomains, and the ViewStage APIs. The following are generally out of scope:

  • Social engineering, phishing, or physical attacks against our team or infrastructure.
  • Volumetric denial-of-service (DoS / DDoS) testing.
  • Vulnerabilities in third-party services we rely on but do not control (for example Stripe, Cloudflare, or our other vendors) — please report those to the vendor directly.
  • Automated scanner output without a demonstrated, exploitable impact.

Our commitment

We aim to acknowledge legitimate reports promptly, keep you informed as we investigate, and credit researchers who wish to be named once a fix has shipped. ViewStage does not currently operate a paid bug-bounty program, so we are unable to offer monetary rewards at this time.

Data & privacy requests

This page is for reporting security vulnerabilities. For privacy questions, data-access, or account-deletion requests, see our Privacy Policy or email privacy@viewstage.io.