Security, Privacy and Compliance
Keywordly is leading the way in data security, privacy, and compliance. Our robust tools are built with data integrity at the forefront. For inquiries or concerns, connect at support@keywordly.ai or schedule a call with our experts. Your trust is our priority.
Secure engineering practices in the design and code of Keywordly
1. TLS Encryption
Keywordly enforces HTTPS for all services, including our public website. All web session traffic between your application and Keywordly is encrypted using TLS (transport layer security) which provides data encryption and authentication between your application and our servers. Sensitive data between applications are also protected by access tokens and are encrypted during transmission.
2. Authentication
To prevent unauthorized account access, each session requires an account username and a strong password. All passwords are stored encrypted with a one-way hashing algorithm resistant to brute-force and dictionary attacks by using a salt. Passwords are not logged.
3. Limited Access
Keywordly’s policies and procedures limit and log all external and internal access to customer data and requests management approval before access. Only select Keywordly employees dealing directly with valid customer tickets can access customer data with prior permissions.
4. Data Privacy
We take your privacy seriously. Your data is only used/stored in accordance with our privacy policy.
Disclosure
We rapidly & regularly investigate all reported security issues. If you believe you’ve discovered a bug in Keywordly’s security, please contact support@keywordly.ai. We will respond as quickly as possible to your report.
We request that you do not disclose the issue publicly until it has been addressed by Keywordly.
Keywordly Vulnerability Reporting Policy
At Keywordly, trust is one of our core values, and we take protecting our customer’s data seriously.
Keywordly appreciates the role security researchers play in internet security. We encourage responsible reporting of any vulnerabilities found on our website or the product.
We have developed a program to make it easier for you (security researchers or customers) to report vulnerabilities to Keywordly and to recognize you for your efforts to make Keywordly a secure platform.
You may refer to our developer documentation and any material on the Keywordly support forums for research into our products.
Disclosure
Please review the below scope and guidelines before you test and/or report a vulnerability.
Keywordly pledges not to initiate legal action against researchers for penetrating or attempting to penetrate Keywordly systems as long as they adhere to the below guidelines.
Vulnerability Reporting Program
To appreciate your efforts, Keywordly runs a bug bounty program. If you submit a valid report on the eligible products mentioned in the Scope and Description of Vulnerability section in this policy.
Keywordly will consider your report for our bug bounty program. If the reported vulnerability is accepted by the security team, Keywordly will provide the incentives below.
Your name will be added to our Hall of Fame with your Full name and Gravtar, Organization’s name, email address and Links to social profiles such as Twitter, LinkedIn.
Note: Currently, Keywordly doesn’t provide monetary incentives for Vulnerability reporting.
Scope and Description of Vulnerability
All Keywordly products are in scope for reporting the vulnerabilities. Any design or implementation issue that substantially affects the confidentiality or integrity of user data is covered in the scope of this policy.
Accepted vulnerability scenarios
1. XSS – Cross-site scripting
2. CSRF – Cross-site request forgery
3. SQL Injection
4. Mixed-content scripts
5. MITM – man-in-the-middle Attacks
6. Authentication or authorization flaws
7. SSI – Server-side code execution bugs
Scenarios that are not considered a vulnerability
1. Presence or absence of HTTP headers (X-Frame-Options, nosniff)
2. Exposed stack traces or 500 errors
3. Content spoofing by administrative users
Reporting a potential security vulnerability
Keywordly will reward reports with a significant impact across our entire product portfolio. We encourage you to report bugs via this program based on the below guidelines.
Guidelines for reporting a vulnerability
You are requested to adhere to the following guidelines while reporting a vulnerability.
Share details of the suspected vulnerability with Keywordly by sending an email to support@keywordly.ai. If you are a customer, you can also report the issue to support@keywordly.ai.
We expect reporters to use their own judgment and provide sufficient details and evidence while reporting the vulnerability.
Vulnerability details required
Provide full details of the suspected vulnerability so that the Keywordly team can validate and reproduce the issue.
1. Type of issue (cross-site scripting, SQL injection) Product and version with the bug or a URL.
2. The potential impact of the vulnerability (i.e., what data can be accessed or modified).
3. Step-by-step instructions to reproduce the issue.
4. Any proof-of-concept or exploit code required to reproduce the vulnerability.
Responsible Conduct
While we encourage you to discover and report to us any vulnerabilities you find in a responsible manner, Keywordly does not permit the following conduct.
1. Performing actions that may negatively affect Keywordly or its users (e.g., spam, brute force, DDoS attacks).
2. Conducting any kind of physical or electronic attack on Keywordly personnel, property, or data centers.
3. Violating any laws or breaching any agreements to discover vulnerabilities.
4. Accessing, or attempting to access, data or information that does not belong to you.
5. Social engineering any Keywordly employee or contractor and getting benefitted from the same.
6. Sharing or publicizing the reported (yet unresolved) vulnerability with/to third parties.
7. Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you.
8. Conduct vulnerability testing of participating services using anything other than test accounts.
Our Commitment
We thank every individual researcher who submits a vulnerability report helping us improve our overall security posture at Keywordly. Once you report a vulnerability to us, the Keywordly team will make efforts to
1. Respond in a timely manner, acknowledging receipt of your vulnerability report.
2. Request you more information on the vulnerability if needed to fix the issue.
3. We will investigate all legitimate reports and respond to you with appropriate qualification (Critical, High, or Medium) based on the impact.
4. Notify you when the vulnerability is planned to be addressed.
5. Provide an estimated time frame for addressing the vulnerability report.
6. Inform you when the reported vulnerability is fixed.
Security Hall of Fame
Keywordly would like to thank people who have responsibly disclosed vulnerabilities to us.
Report Issue Now