Skip to main content

Sierra Responsible Disclosure Policy

Security is our highest priority, and we recognize that collaborating with security researchers helps uncover potential weaknesses in our technology.

If you believe you’ve discovered a potential security vulnerability in Sierra’s platform or service, please let us know by emailing us at security@sierra.ai. We will acknowledge your email within five business days.

Provide us with a reasonable amount of time to respond and resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within ten business days of disclosure.

Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Sierra service. Please only interact with accounts you own or for which you have explicit permission from the account holder.

While researching, please refrain from exploiting:

  • Distributed Denial of Service (DDoS)
  • Spamming
  • Social engineering or phishing of Sierra employees or contractors
  • Any attacks against Sierra’s physical property or data centers

We may revise these guidelines from time to time without prior notice. Thank you for helping us keep Sierra and our customers safe.