Security
Vulnerability Disclosure
Effective date: June 6, 2026
Reporting security issues
If you believe you found a security issue in STROKIX, including the Slack app, connected workflows, authentication, tenant isolation, or public services, email us at [email protected].
Include a clear description, affected URL or workspace area, reproduction steps, impact, and any relevant screenshots or logs. Please do not include customer secrets, API keys, or unnecessary personal data in your report.
Scope
- strokix.com
- app.strokix.com
- api.strokix.com
- STROKIX Slack app surfaces and OAuth flow
- STROKIX-managed connector and approval workflows
Safe harbor
We will not pursue legal action for good-faith security research that avoids privacy violations, service disruption, data destruction, social engineering, spam, phishing, or access to data that does not belong to you.
Please avoid
- accessing, modifying, or deleting another user's data;
- running denial-of-service or resource-exhaustion tests;
- attempting physical attacks or social engineering;
- publicly disclosing a vulnerability before we have reviewed it;
- testing third-party services that are not controlled by STROKIX.
Response
We aim to acknowledge valid reports within 5 business days and will provide updates as we investigate and remediate the issue. We do not currently operate a paid bug bounty program.
Related policies
See the security overview and Privacy Policy for more information about STROKIX controls and data handling.