Schedance icon
Back to sign up
Legal

Security Disclosure Policy

How to report a security vulnerability to Schedance in good faith.

Security Disclosure Policy

Schedance (17910797 Canada Inc.) welcomes good-faith security research. If you believe you have found a vulnerability in schedance.net or the Schedance platform, please email **security@schedance.net** with a description of the issue, the steps to reproduce it, and any relevant URLs or request/response samples. We ask that you give us a reasonable opportunity to investigate and remediate before any public disclosure, that you avoid accessing, modifying, or deleting data that is not yours, and that you not degrade the Service for others while testing. We will acknowledge reports promptly — normally within five (5) business days — keep you informed of remediation progress where practical, and we will not pursue or support legal action against researchers who act in good faith within these guidelines. We do not currently operate a paid bug-bounty program.

**Scope.** This policy covers schedance.net and Schedance-operated services and API endpoints. Out of scope: third-party services we use (including our payment, hosting, database, and email providers — report issues in those services to the respective vendor), other tenants' or users' data, denial-of-service or volumetric load testing, physical-security testing, and social engineering of any person. Testing that complies with this policy and the good-faith conditions above is authorized for the purposes of our no-legal-action commitment.

---

- Effective: 2026-06-12 - Owner: security@schedance.net - Review cadence: annual or on material change.