Vulnerability Disclosure Policy

Effective Date: June 1, 2025

At ShiftLink, the security of our systems and the privacy of our users is a top priority. We welcome contributions from security researchers and the community to help us maintain the highest standards of security.

Reporting a Vulnerability

If you believe you have found a security vulnerability in any part of ShiftLink’s services, please let us know right away. We appreciate your help in disclosing the issue responsibly.

Please email your findings to:
security @ shiftlinkapp.com


Include as much detail as possible, such as:
• A description of the vulnerability
• The steps to reproduce it
• Any relevant screenshots, logs, or proof of concept
• Your contact information so we can follow up


What to Expect

• We will acknowledge your report within 3 business days.
• We aim to investigate and address valid issues within 10 business days.
• We may request additional information or clarification.
• We’ll notify you once the issue has been resolved.


Guidelines

To help us resolve issues quickly and safely:
• Do not publicly disclose the vulnerability before we’ve had a chance to fix it.
• Do not access, modify, or delete any data that does not belong to you.
• Do not perform any actions that could cause harm to ShiftLink, its users, or its services.


Safe Harbour

We consider vulnerability research and disclosure conducted in accordance with this policy to be authorized. We will not take legal action against you for following this policy in good faith.

Automate shift management  today!