SMSEagle Vulnerability Disclosure Policy


  1. The safety and security of our customers’ data together with the reliability of our products and services, are crucial to SMSEagle.
  2. We design and make products and services with the highest levels of security and reliability. Despite our best efforts, vulnerabilities and errors may still occur in our products and services.
  3. This is our approach to handling reports of potential vulnerabilities and errors in our products and services.
  4. We encourage customers, users, researchers, partners and anyone else that interacts with our products and services to report identified vulnerabilities and errors to us.
  5. We’d be grateful if you would use the form on this page to report any vulnerabilities or errors to us.
  6. We highly appreciate the efforts made by anyone that identifies any vulnerabilities or errors to us as it will help us continue the security and reliability of our products and services
  7. Please note that supplying your contact information with your report is entirely voluntary and at your discretion.
  8. We will make use of all reports that are submitted; both those submitted anonymously and those with contact information.
  9. If you do submit your contact information, SMSEagle will only use the information to get in touch with you about the details of your report (if that is necessary). We will use your data in line with our Privacy Policy.
  10. By making a report to us using the form on this page, or otherwise communicating a report to SMSEagle, regarding vulnerabilities and errors, you agree to the following terms:
  11. SMSEagle may use your report for any purpose deemed relevant by SMSEagle, including to correct any vulnerabilities or errors you report and that we believe needs to be fixed.
  12. To the extent that you propose any changes and/or improvements to a SMSEagle product or service in your report, and to the extent that any legal rights exist in your proposal, you assign to SMSEagle all use and ownership rights to such proposals.


You confirm to SMSEagle that:

  • You have not exploited or used in any manner, and will not exploit or use in any manner (other than for the purposes of reporting to SMSEagle), the discovered vulnerabilities and/or errors;
  • You have not engaged, and will not engage, in testing/research of systems with the intention of harming SMSEagle, its customers, employees, partners or suppliers;
  • You have not used, misused, deleted, altered or destroyed, and will not use, misuse, delete, alter or destroy, any data that you have accessed or may be able to access in relation to the vulnerability and/or error discovered;
  • You have not conducted, and will not conduct, social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks;
  • You have not tested, and will not test, the physical security of any property, building, plant or factory of SMSEagle;
  • You have not breached, and will not breach, any applicable laws in connection with your report and your interaction with SMSEagle product or service that lead to your report.
  • You agree not to disclose to any third party any information related to your report, the vulnerabilities and/or errors reported, nor the fact that any vulnerabilities and/or errors have been reported to SMSEagle.
  • SMSEagle does not guarantee that you will receive any response from SMSEagle related to your report. SMSEagle will only contact your regarding your report if we think it is necessary.
  • You agree that you are making your report without any expectation or requirement of reward or other benefit, financial or otherwise, for making such report, and without any expectation or requirement that the vulnerabilities and/or errors reported are corrected by SMSEagle.