Download SharpSpring

Vulnerability research and testing on the SharpSpring services and products to which you have authorized access. In no event shall your research and testing involve, without limitation:Accessing, or attempting to access, accounts or data that do not belong to you or your authorized users,Any attempt to download, modify, or destroy any data,Executing, or attempting to execute, a denial of service attack,Sending, or attempting to send, unsolicited or unauthorized email, spam or other forms of unsolicited messages,Testing third party websites, applications or services that integrate with any SharpSpring services,Posting, transmitting, uploading, linking to, sending or storing malware, viruses or similar harmful software, or otherwise attempting to interrupt or degrade the SharpSpring services.Any activity that violates any applicable law.Reporting In-Scope Security VulnerabilitiesIf you believe you have discovered a security vulnerability issue, please share the details with SharpSpring by completing our Submission Form. We will work with you to validate and respond to security vulnerabilities that you report to us. Your report will be forwarded to our partner (BugCrowd) for timely acknowledgement and verification. You are rewarded “points” for each validly accepted report made. You must be the first person to report the bug to earn all possible points.Verified issues will be passed to our development teams for remediation on a timeline commensurate with the severity of the issue (as defined by the BugCrowd Vulnerability Rating Taxonomy). { do not send vulnerability emails directly to SharpSpring employees. Email communication between you and SharpSpring, including without limitation, emails you send to SharpSpring reporting a potential security vulnerability, should not contain any of your proprietary information. The contents of all email communication you send to SharpSpring shall be considered non-proprietary. SharpSpring, or any of its affiliates, may use such communication or material for any purpose whatsoever, including, but not limited to, reproduction, disclosure, transmission, publication, broadcast, and further posting.Out-of-Scope The following is a partial list of issues that we ask for you not to report, unless you believe there is an actual vulnerability:CSRF on forms that are available to anonymous usersDisclosure of known public files or directories (e.g. robots.txt)Domain Name System Security Extensions (DNSSEC) configuration suggestionsBanner disclosure on common/public servicesHTTP/HTTPS/SSL/TLS security header configuration suggestionsLack of Secure/HTTPOnly flags on non-sensitive cookiesLogout Cross-Site Request Forgery (logout CSRF)Phishing or Social Engineering TechniquesPresence of application or web browser ‘autocomplete’ or ‘save password’ functionalitySender Policy Framework (SPF) configuration and Domain-based Message Authentication, Reporting & Conformance (DMARC) suggestionsBy participating in this Vulnerability Disclosure Program, you acknowledge that you have read and agree to SharpSpring’s Terms of Service and Privacy Notice, as well as BugCrowd’s Standard Disclosure Terms. In the event of any conflict between SharpSpring’s Terms of Service and BugCrowd’s Standard Disclosure Terms, SharpSpring’s Terms of Service shall control.

SharpSpring from Constant Contact (SharpSpring) takes the security of our platforms and our users’ data very seriously. If you have discovered or believe you have discovered potential security vulnerabilities in a SharpSpring service, we encourage you to disclose your discovery to us as quickly as possible in accordance with this Vulnerability Disclosure Program. Please note that the Vulnerability Disclosure Program is different from a bug bounty. The Vulnerability Disclosure Program allows ethical hackers to find and report vulnerabilities but it does not provide monetary compensation. SharpSpring reserves the right to accept or reject any submission.Safe HarborIf you discover and report security vulnerabilities in accordance with this [Vulnerability Disclosure Program], we consider this research to be:Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this Voluntary Disclosure Policy;Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;Exempt from restrictions in our Terms of Service that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this [Vulnerability Disclosure Program]; andLawful, helpful to the overall security of the Internet, and conducted in good faith.You are expected, as always, to comply with all applicable laws. If at any time you have concerns or are uncertain whether your security research is consistent with this [Vulnerability Disclosure Program], please contact us before going any further.EligibilityYou may not participate in this program if you are an employee or family member of an employee, or a current vendor or employee of such vendor, of SharpSpring of any of its subsidiaries. You are also prohibited from participating if you are (i) in a country or territory that is the target of U.S. sanctions (including Cuba, Iran, Syria, North Korea, or the Crimea region of Ukraine), (ii) designated as a Specially Designated National or Blocked Person by the U.S. Department of the Treasury’s Office of Foreign Assets Control or otherwise owned, controlled, or acting on behalf of such a person or entity, or (iii) otherwise a prohibited party under U.S. trade and export control laws.Discretionary Disclosure Policy:Because public disclosure of a security vulnerability could put the entire SharpSpring community at risk, we require that you keep such potential vulnerabilities confidential until we are able to address them. Therefore, public disclosure of the submission details of any identified or alleged vulnerability without express written consent from SharpSpring will deem the submission as noncompliant with this Vulnerability Disclosure Policy. Discovering Security VulnerabilitiesWe encourage responsible security research on the SharpSpring services and products. We allow you to conduct

Choose SharpSpring. All-In-One Revenue Growth PlatformFuel agency & business growth with SharpSpring's end-to-end sales, marketing automation, & CRM features in a single Revenue Growth Platform.Generate leadsIncrease sales & revenueOptimize marketing & sales funnels More than [php slug=number-of-agencies] agencies and [php slug=number-of-businesses] businesses choose SharpSpring. Drive more leads. Convert them to sales.Optimize your entire funnel.Marketing Automation • Email • CRM • Sales Engagement • Social Media • AdsDrive more leads. Convert them to sales. Optimize your entire funnel.Marketing Automation • Email • CRM • Sales Engagement • Social Media • Ads All the features in SharpSpring are designed to work together for you to:Generate quality leads with targeted communication & lead nurturingWin more customers with dynamic content & personalizationConvert leads faster with content & landing pages that convertMarketing and sales teams no longer need to spend time cobbling together tools and data. Now they can focus on growing your business and creating better customer experiences in an all-in-one marketing platform. VIEW ALL FEATURESSharpSpring is an incredibly affordable, yet comprehensive marketing platform.And we're the only automation platform to provide all of the marketing automation, CRM, & sales features you need to support your entire customer lifecycle. Check out all of these features that are included in the SharpSpring Revenue Growth Platform:SharpSpring is an incredibly comprehensive platform.And we're the only one to deliver all the features you need to support your entire customer lifecycle. SharpSpring is built to play nicely with the systems you want to keep.CRM, CMS, form builder – not a