How to Contact Heyday by Hootsuite about
Security Questions
We take security very seriously at Heyday by Hootsuite (Heyday), and have an Information Security Bug Bounty program geared towards the identification and remediation of security issues. At this point, we do not offer monetary compensation for findings due to Heyday company policy, but we do offer other rewards.
For critical findings, we offer a Hootsuite branded Herschel Retreat 15″ Computer Backpack and a Hootsuite branded Unisex Full-Zip Hooded Sweater. For high severity findings, we offer a Hootsuite branded Herschel Retreat 15″ Computer Backpack. For medium severity findings, we offer a Hootsuite branded Unisex Full-Zip Hooded Sweater. If your finding is of medium, high, or critical severity, we also offer to include your name in our Hall of Fame. We do not offer rewards for low severity issues.
If you are interested in submitting your findings for review, please email hootsec@hootsuite.com. Please note that, upon your submission, it could take up to 5 business days to triage and identify the right severity for the issue. If Heyday is already aware of the issue, we do not offer any rewards, nor do we respond to header misconfiguration disclosure.
Tracking and Disclosing
We work hard to ensure our product is safe and secure. Have you discovered a security flaw that may impact our service or our users? Please let us know.
Submitting a Report
Heyday’s security team will acknowledge your report, usually within 24 hours. Our team will assign a point of contact who will help track your issue. Then, our team will investigate the issue and determine the impact on our products. While we will not disclose the issue until our investigation is completed, we will work with you to ensure we fully understand the issue, its scope and its scale. When our team resolves the issue, we will post an update along with a thank-you and credit for the discovery.