Teleperson
Security

Responsible disclosure

How to report a security vulnerability to Teleperson.

We take security reports seriously. If you've found a vulnerability in the Teleperson browser extension, web app, or backend, please let us know.

How to report

Email security@teleperson.com. Please include:

  • A clear description of the vulnerability.
  • Reproduction steps (or a proof-of-concept payload).
  • The affected surface (extension version, web app URL, etc.).
  • Your assessment of severity and impact.

We aim to acknowledge every report within one business day and provide a substantive response within five business days.

What's in scope

  • The published Chrome Web Store and Firefox Add-ons listings.
  • teleperson.com and any subdomain we control (docs.teleperson.com, *.supabase.co projects we operate).
  • The austinjh1234/teleperson2026 GitHub repo (if you find a leaked secret in the history, please tell us privately rather than opening a public issue).

What's out of scope

  • Side-loaded development builds. If you're running an unpublished version of the extension you compiled yourself, vulnerabilities specific to that version aren't in scope.
  • Third-party integrations. If you find a vulnerability in Anthropic, Stripe, Plaid, ElevenLabs, Vapi, Twilio, or any other vendor we use, please report it to them directly.
  • Theoretical attacks that require physical access to the user's unlocked machine.
  • DoS attacks, brute-force attacks, or social-engineering tests against our team.

Safe harbor

We will not pursue legal action against good-faith security researchers who:

  • Make a reasonable effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.
  • Do not access more data than necessary to demonstrate the vulnerability.
  • Give us reasonable time to fix the issue before public disclosure.

If you have any uncertainty about whether your testing is in scope or appropriate, ask first at security@teleperson.com.

Credit

With your permission, we credit reporters in our release notes and on this page. Reporters who find significant vulnerabilities may be eligible for a bounty — we evaluate severity case-by-case and respond with an offer when applicable.

Hall of fame

(This page will list confirmed reporters once we've received and resolved our first reports.)

Vendor accounts security model

How Teleperson connects to third-party seller accounts (eBay, Shopify partner stores) without holding your vendor passwords.

Frequently asked questions

Answers to the questions Teleperson users ask most often.

On this page

How to reportWhat's in scopeWhat's out of scopeSafe harborCreditHall of fameRelated