GoRefer Trust Center

Vulnerability Disclosure

Updated April 2026

GoRefer is committed to working with security researchers and the broader security community to identify and resolve vulnerabilities. This Responsible Disclosure Policy outlines how to report vulnerabilities and what you can expect from us.

In-Scope Systems

In Scope

  • app.gorefer.io — Production web application

  • api.gorefer.io — REST API endpoints

  • gorefer.io — Landing/marketing site

  • Authentication flows (login, MFA, OAuth)

  • Any GoRefer-owned subdomains discovered via DNS

Out of Scope

  • Denial of service (DoS/DDoS) attacks

  • Social engineering of GoRefer staff

  • Physical security attacks

  • Vulnerabilities in third-party services (report to them directly)

  • Issues requiring unlikely user interaction (self-XSS, CSRF in forms with CSRF protection)

Safe Harbor

We commit to safe harbor for good-faith research

GoRefer will not pursue legal action against researchers who discover and report vulnerabilities in good faith, provided they: (1) do not access, modify, or exfiltrate data beyond what is necessary to demonstrate the vulnerability; (2) do not disrupt service availability; (3) report findings to us before public disclosure; and (4) give us reasonable time to remediate before disclosure.

Disclosure Process & Timelines

1. Submit Report

  • Use the form below or email security@gorefer.io

  • Include reproduction steps, impact, and any PoC

  • Encrypt sensitive details using our PGP key if needed

2. Acknowledgement

  • We acknowledge receipt within 24 hours

  • Initial severity assessment within 3 business days

  • We may ask clarifying questions

3. Remediation

  • Critical: 72-hour target patch

  • High: 7-day target

  • Medium/Low: standard sprint cycle

  • We keep you updated on progress

4. Disclosure

  • Coordinated disclosure after fix is deployed

  • We credit researchers in release notes (if desired)

  • No public CVE filed without our agreement

  • Hall of fame recognition for significant findings

Submit a Vulnerability Report

Use the form below to report a security vulnerability. Please include as much detail as possible: steps to reproduce, potential impact, and any proof-of-concept. You can also email security@gorefer.io directly.

Security Disclosure Form

Report a vulnerability directly to our security team. For non-security issues, use normal support channels.