
At Sentiance, we build technology that sits at the intersection of mobility intelligence and personal data. Security is not an afterthought for us, and we genuinely welcome researchers who take the time to look carefully at our systems.
If you find something, we want to hear from you.
Send your findings to privacy@sentiance.com. A useful report includes a clear description of the vulnerability, steps to reproduce it, the potential impact, and any supporting evidence such as screenshots, logs, or proof-of-concept code. The more context you provide, the faster we can act.
Sentiance is more than a website. If you are wondering where to start, our developer documentation at docs.sentiance.com gives you a meaningful window into what we build and how. Our backend infrastructure, APIs, and mobile applications (iOS and Android) are where the real crown jewels live, and they are all in scope.
www.sentiance.com is a static marketing site. It contains no backend logic and no personal data. It is technically in scope, but only for findings with genuine reputational or integrity impact, such as domain takeover or cache poisoning that could alter site content. Please do not submit low-impact web findings against www.sentiance.com, including missing security headers, cookie flags, clickjacking, or similar best-practice issues.
We prioritize vulnerabilities that demonstrate real impact on end user data, system integrity, or platform security. This includes authentication and authorization flaws, sensitive data exposure, API logic vulnerabilities, and mobile application security issues.
To keep the process useful for everyone, the following techniques must not be used during your research, and any findings derived from them will not be considered:
Restrict your testing strictly to your own accounts and data. If you gain access to an authenticated or restricted environment such as an admin panel or internal network, stop testing immediately and report the finding. Do not use that access to explore further. We will assess maximum impact from the finding itself.
Keep your proof-of-concept commands to the minimum necessary to confirm a finding. Checking a database version or returning a benign string is sufficient. Do not perform write operations, data manipulation, or bulk data extraction. Do not test flows that could incur costs for Sentiance, such as SMS-based or other transactional endpoints, without explicit permission.
If you encounter personal data belonging to Sentiance, its customers, end users, or partners during your testing, do not download, copy, store, or share it. Describe what you were able to access in your report, but do not include raw PII in screenshots or attachments. Redact or blur where necessary.
Do not discuss or disclose vulnerability details, proof-of-concept code, or reproduction videos to any third party, including on platforms such as YouTube or Vimeo, without prior written consent from Sentiance. This applies until Sentiance has had a reasonable opportunity to remediate, after which disclosure should be coordinated with Sentiance.
Respect the scope defined in this CVD. Testing assets outside of it removes the legal safe harbor described below and may expose you to legal consequences.
If you discover something outside this scope, you are welcome to report it regardless, but we cannot guarantee a response or safe harbor for out-of-scope findings.
Submit findings you understand and can demonstrate. Please do not submit placeholder reports, speculative findings, or bulk scanner output. Quality over quantity benefits everyone.
If you use AI tools as part of your workflow, you remain fully responsible for the validity of your findings. Reports that appear to be unverified AI output, contain fabricated elements, or lack demonstrated technical understanding may be closed without response.
We will acknowledge your report within 5 business days, keep you informed as the investigation progresses, and notify you when the vulnerability is resolved. We do not currently operate a paid bug bounty program, but we take every valid report seriously and credit researchers where they consent to it. Sentiance may choose to reward exceptionally valuable submissions, without any obligation to do so or to provide justification.
Sentiance considers security research and vulnerability disclosure activities conducted in good faith and in accordance with this policy to be authorized. We will not initiate or support legal action against researchers for activities carried out under this policy, provided the researcher:
Activities that go beyond what is necessary to demonstrate a vulnerability, or that cause harm to Sentiance systems, customers, or end users, are not authorized and fall outside this safe harbor.
Last updated: 28 April 2026