Security Program

RevDesk · operated by Cell Labs, Inc.

We value the contributions of the security research community and recognize the importance of a coordinated approach to vulnerability disclosure. If you have discovered a security vulnerability in RevDesk, we encourage you to let us know right away. We welcome the opportunity to work with you to resolve the issue promptly.

Our program is covered by Coordinated Vulnerability Disclosure, Safe Harbor, Open Scope, Core Ineligible Findings, and Detailed Platform Standards. You may submit reports anonymously.

Report a vulnerability

Submit your findings directly to our HackerOne inbox — anonymous reports are welcome. If you'd rather report by email, write to security@revdesk.com.

Report a vulnerability on HackerOne

Program standards

Coordinated Vulnerability Disclosure: We work with you to validate, remediate, and disclose issues on a coordinated timeline.
Safe Harbor: Good-faith research conducted under these guidelines is authorized. We will not pursue or support legal action against you for it.
Open Scope: Any asset RevDesk (Cell Labs, Inc.) owns or operates is in scope. Third-party services we don't host are out of scope.
Core Ineligible Findings: Reports with no real-world security impact (e.g., missing best-practice headers, theoretical issues with no PoC) are typically not actionable.

Our machine-readable contact details are published at /.well-known/security.txt.