Data Security

Vulnerability Disclosure Program

No technology is perfect and Smartcar believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology.

Scope

In Scope

Testing is only authorized on the target domains listed as in scope.

  • smartcar.com

  • api.smartcar.com

  • auth.smartcar.com

  • connect.smartcar.com

  • dashboard.smartcar.com

  • javascript-sdk.smartcar.com

  • cdn.smartcar.com

  • developer-backend.smartcar.com

  • connectyourcar.com

Out of Scope

Any domain/property of Smartcar not listed in the In Scope section is out of scope. This includes any/all subdomains not listed above. Any services hosted by 3rd party providers and services are excluded from scope including the following.

  • support.smartcar.com

  • drive.smartcar.com

  • calendar.smartcar.com

  • mail.smartcar.com