Wiggle Vulnerability Disclosure Policy

Wiggle is committed to maintaining the security and privacy of our users and their data. We value the contributions of independent security researchers and the community in helping us identify and responsibly disclose potential vulnerabilities.

Last updated: October 29, 2025

Reporting a Vulnerability

  • If you believe you have discovered a security or privacy issue in Wiggle's platform, APIs, or integrations (including the Wiggle Slack app), please report it to us immediately by emailing security@wiggle-app.com.
  • Include a detailed description of the issue, the steps required to reproduce it, and any relevant technical information.
  • Please do not publicly disclose the vulnerability until we confirm that it has been resolved.
  • We encourage responsible disclosure and appreciate your cooperation in keeping our users safe.

Our Commitment

  • We acknowledge all valid vulnerability reports within 48 hours.
  • We will provide regular status updates during the investigation and fix process.
  • We prioritize resolution based on the potential impact and severity.
  • We will notify the reporter once the issue has been fully resolved.
  • We maintain transparency throughout the process while ensuring user safety.

Scope

  • The Wiggle web platform and its APIs
  • The Wiggle Slack integration
  • Any associated data processing endpoints under the `wiggle-app.com` domain
  • All user-facing interfaces and backend services that process customer data

Out of Scope

  • Denial-of-service attacks
  • Social engineering or phishing attempts
  • Issues in third-party services (e.g., Slack, Google, or OpenAI infrastructure)
  • Vulnerabilities that require physical access to user devices or systems

Safe Harbor

  • Wiggle supports responsible security research and values the contributions of the security community.
  • If you adhere to this policy and act in good faith, we will not pursue legal action against you for disclosing vulnerabilities responsibly.
  • We encourage researchers to follow responsible disclosure practices and work with us to protect our users.
  • We may recognize significant contributions through our security acknowledgments program.