Miyah HR

Report a Vulnerability

Help us improve our security by reporting vulnerabilities responsibly

Responsible Disclosure Policy

At Mia HR, we take security seriously. We appreciate the work of security researchers in improving the security of our services, and we're committed to working with the community to verify, reproduce, and respond to legitimate reported vulnerabilities.

Reporting a Vulnerability

If you believe you've discovered a security vulnerability in our services, we encourage you to notify us. We welcome reports from everyone, including security researchers, users, and others who care about our services.

How to Report

Please email your findings to security@miahr.com. Encrypt your report using our PGP key to ensure confidentiality.

To help us triage and prioritize your report, please include the following information:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any suggested mitigation or remediation actions
  • Whether or not you are interested in being publicly acknowledged for your finding

What to Expect

After receiving your report, we will:

  • Acknowledge receipt of your vulnerability report within 2 business days
  • Provide an estimated timeline for a fix after verifying the issue
  • Notify you when the vulnerability is fixed
  • Give proper credit if you wish to be acknowledged publicly

Scope

Our vulnerability disclosure policy applies to all Mia HR services, including:

  • Mia HR web applications
  • Mobile applications
  • APIs and backend services

Rewards

While we don't currently operate a formal bug bounty program, we may offer rewards at our discretion for critical vulnerabilities. The reward amount will be based on the severity of the vulnerability and the quality of the report.

Guidelines

We request that in your research, you:

  • Do not access, modify, or delete data that does not belong to you
  • Do not perform any action that could negatively impact other users or Mia HR services
  • Do not perform tests that could impact the reliability or integrity of our services
  • Do not violate any applicable laws or regulations

Safe Harbor

Mia HR is committed to not pursuing legal action against security researchers who:

  • Make a good faith effort to comply with this policy
  • Avoid intentional harm to our users, employees, and systems
  • Wait until we have addressed the vulnerability before publicly disclosing it

Last Updated: April 29, 2025

Back to Home