If you think you have found security vulnerabilities on Shoeboxed, we encourage
you to let us know right away.
Provided that you have followed these rules of responsible disclosure, we will, at our discretion,
publicly credit you for your findings. At this time, we do not offer a monetary bounty.
Rules of Responsible Disclosure
While trying to find security vulnerabilities, you…
should not attempt to gain access to another user’s data
should not use automated tools, including scanners or DDoS attacks
should not disclose any bugs found to the public until they have been fixed
should only work with your own account and data
should only look for technical vulnerabilities, not phishing or social engineering attacks