Skip to content
Book a demo
Log in
Security

Security at Propstreet

We take the security of our platform seriously. If you believe you have found a vulnerability, please follow the process below — we are grateful for responsible disclosure and will work with you in good faith.

How to report

Email us at

  • A description of the issue
  • Steps to reproduce
  • The affected URL or component
  • Your preferred contact details for follow-up

Please do not publish details before we have had a reasonable opportunity to investigate and remediate.

Our commitment

  • Acknowledgement: within 2 business days
  • Triage and initial response: within 5 business days
  • Critical issues (CVSS 9.0+): remediation within 24 hours
  • High issues (CVSS 7.0–8.9): remediation within 7 days
  • Medium issues (CVSS 4.0–6.9): remediation within 30 days
  • Low issues: remediation at the next scheduled release

Scope

In scope: app.propstreet.com, propstreet.com, and the public REST API (/api/v1/*).

Out of scope: any third-party service we integrate with (please report to them directly), social-engineering attempts, physical security, and denial-of-service.

Safe harbour

Propstreet will not pursue legal action against researchers who:

  • Make a good-faith effort to comply with this policy
  • Avoid privacy violations, destruction of data, and interruption of service
  • Do not access or modify data beyond what is necessary to demonstrate the vulnerability
  • Give us reasonable time to remediate before any public disclosure

Recognition

We are happy to credit researchers who have responsibly disclosed valid security issues. Email us if you would like to be acknowledged.