SOC 2 TYPE 2 CERTIFICATION IN PROGRESS
Table of contents
Responsible Disclosure Policy
At Bunnyshell, data security is a critical aspect and we recognize the importance of collaborating with proficient security researchers to detect any vulnerabilities in our technology. If you come across any security vulnerability in Bunnyshell's service, please do not hesitate to inform us so we can take prompt action and address the issue together.
Bunnyshell encrypts data at rest and in transit for all of our customers. We use tools like Hashicorp Vault to manage encryption keys for security in line with industry best practices.
Bunnyshell regularly engages security experts for third-party penetration tests. Our penetration testers evaluate the running application, and the deployed environment.
Bunnyshell also uses high-quality static analysis tooling provided by Snyk to secure our product at every step of the development process.
Bunnyshell uses Amazon Web Services to host our application. We make use of the security products embedded within the AWS ecosystem, such as GuardDuty.
Last Updated: January 20, 2023
Our Responsible Disclosure Program has certain vulnerabilities that are not included in its scope.
This policy applies to Bunnyshell Application hosted at environments.bunnyshell.com and to any other subdomains or services associated with the Bunnyshell App. We do not accept reports for vulnerabilities solely affecting our marketing website (www.bunnyshell.com) which contains no sensitive data.
When submitting a report of a possible vulnerability, kindly provide a comprehensive summary of the vulnerability, including the target affected, steps taken, tools used and any relevant evidence (screenshots are highly appreciated).
Everything you need to know about the product and billing.