Security vulnerability reporting guidelines
Groomfiy welcomes reports of security vulnerabilities from the security research community. Please email security@groomfiy.com with your findings.
When reporting a security vulnerability, please include:
Scope: All systems under *.groomfiy.com.
Researchers acting in good faith and within the rules above will not be pursued under the Computer Fraud and Abuse Act (CFAA), DMCA, or similar laws.
We are not currently running a paid bug bounty program. Valid submissions may be eligible for recognition and future bounty consideration.
Version: v1.0
Last Updated: 2026-05-08
Effective Date: 2026-05-08