Security Disclosures

Always secure with you help.

Designed with security in mind. Open to feedback.

Wide Angle Analytics is a product of Input Objects GmbH, hereafter referred to as the Company.

Security Issue Reporting Guidelines

If you believe you have discovered a security vulnerability in Wide Angle Analytics, please report it to us immediately by emailing security@wideangle.co. Include detailed steps to reproduce the issue and a brief description of its impact. We encourage responsible disclosure (as described below) and commit to investigating all legitimate reports promptly and addressing any issues as quickly as possible.

We review all reports thoroughly, but please note that it may take up to 14 business days for us to respond, as each report is personally investigated by our staff.

Responsible Disclosure Policy

We kindly request that during your research, you make every effort to maintain the integrity of our users’ data, avoiding any actions that could violate privacy or degrade our service. You must allow us a reasonable amount of time to fix any vulnerability you find before disclosing it publicly. In return, we promise to investigate reports promptly and not take any legal action against you.

Bug Bounty

As a token of our appreciation for security researchers, we are pleased to offer full credit in any public postmortem after the bug has been resolved. Additionally, we provide a monetary bounty for certain qualifying bugs. To qualify for the bounty, you must:

  • Adhere to our responsible disclosure policy (see above).
  • Report the bug to us first and allow reasonable time for us to address the issue before public disclosure.
  • Be the first to report the issue to us.
  • Use a test account (a free trial account is acceptable) or an account that you control. Never interact with other accounts without the owner’s consent.
  • Identify a bug that could compromise private user data or enable unauthorized access to systems running Wide Angle Analytics infrastructure.

Examples of valid vulnerability types include:

  • Authentication or session management issues
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF/XSRF)
  • Remote Code Execution
  • Privilege Escalation

The decision on whether a bug qualifies for a bounty is at the sole discretion of the Company. Qualifying bugs will be eligible for a bounty ranging from a minimum of €50 to a maximum of €2,000. The exact amount will be determined based on the severity of the vulnerability, the number of users potentially affected, and other relevant factors. All bounties will be paid via wire transfer upon receipt of a valid invoice.

Please note that bug bounties will not be awarded to individuals, companies, or research entities operating from or incorporated in Russia, Belarus, the People’s Republic of China, or any country sanctioned by the European Union.