At Loops, we care deeply about the safety and security of our customers’ data and our systems. We welcome security and vulnerability reports as part of our commitment to providing the most secure product possible.Documentation Index
Fetch the complete documentation index at: https://loops.so/docs/llms.txt
Use this file to discover all available pages before exploring further.
Making a report
If you’ve read this document and discovered an issue that you believe is in-scope, please email us atsecurity@loops.so. Please include the following details:
- A clear summary of the issue and its potential impact.
- Detailed steps to reproduce the issue.
- Relevant environmental details (browser, OS, version numbers, etc.).
- Any proof-of-concept code that demonstrates the vulnerability, if available.
Timelines
We’ll get back to you within a few days to acknowledge your report.What we’re most interested in
- Authentication bypass and privilege escalation.
- Exposure of personally identifiable information (PII).
- Unauthenticated access to user data (outside of intentionally public data).
In scope
Out of scope
- Automated scanning.
- Social engineering.
- Denial of Service attacks.
- Attacks that need physical access to someone’s computer.
- Theoretical attacks you can’t actually exploit.
- Man-in-the-middle attacks.
- Clickjacking or UI redress attacks.
- CSV injection (unless it can harm non-Loops users).
- HTML injection (unless it can harm non-Loops users).
- Missing security headers, weak TLS cipher suites, or DNS setup issues. We might find these informative, but they probably won’t earn a bounty.
Please be considerate while investigating
- Only test with your own account (or get permission from the account owner first).
- Don’t modify, delete, or store private data that isn’t yours.
- Avoid anything that might break or slow down our services.
- If you get remote access to our systems, don’t try to expand or elevate your access.