At Sensat, we value the security community's role in keeping our data and users safe. If you believe you’ve found a security vulnerability in our platform, we encourage you to let us know right away.
1. Reporting Process
Please submit all findings to security@sensat.co
For a report to be evaluated, it must include:
- A clear description of the vulnerability.
- Step-by-step instructions to reproduce the issue.
- A Proof of Concept (PoC), e.g. screenshots or request logs (please redact any PII/sensitive data). Use plain text and images, not PDF or ZIP files.
- The potential impact of the vulnerability on Sensat and/or our users.
2. Our Commitment
If you act in good faith and follow this policy, we promise to:
- Acknowledge receipt of your report within 5 business days.
- Work with you to understand and validate the issue and findings.
- Notify you once the issue has been resolved.
3. Guidelines & Rewards
- No Ransom/Bounties: Sensat does not offer monetary rewards for unsolicited reports at this time.
- Recognition: We are happy to provide a letter of appreciation or a LinkedIn recommendation for valid, high-impact disclosures.
- Safe Harbour: Sensat considers research conducted under this policy to be ‘authorised’. We will not pursue legal action against researchers who act in good faith, avoid privacy violations, and do not disrupt our services.
- Confidentiality: We ask that you do not disclose vulnerability details to the public or third parties until we have confirmed the issue is resolved.
4. Out of Scope
The following are strictly prohibited and will not be acknowledged:
- Denial of Service (DoS/DDoS) attacks.
- Social engineering or phishing of Sensat employees or contractors.
- Spamming or automated scanner reports without a manual PoC.
- Best practice findings that do not lead to a direct exploit (e.g. missing HSTS).