Bug Bounty Program Rules
Bug Bounty Program
We value the security of our platform and appreciate the efforts of security researchers in identifying potential vulnerabilities. Our bug bounty program offers rewards based on the severity of the discovered issues.
Risk Levels and Rewards
Low Risk
- Description: Minor vulnerabilities with limited impact on security.
- Reward: One company t-shirt
Medium Risk
- Description: Moderate vulnerabilities that could potentially compromise user data or system integrity.
- Reward:
- One company t-shirt
- One company mug
High Risk
- Description: Critical vulnerabilities that could lead to significant data breaches, system compromise, or service disruption.
- Reward:
- $25 Amazon gift voucher
- One company t-shirt
- One company mug
- 100 dollars of free credits on our platform
Scope
This bug bounty program covers vulnerabilities found in our API and platform. Please note that our website is excluded from this program.
Submission Guidelines
-
Reporting: Submit your detailed bug bounty report to [email protected].
-
Information Required:
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Proof of concept (PoC) if applicable
- Impact assessment
- Suggested mitigation or fix (optional)
-
Response Time: We aim to acknowledge receipt of your report within 2 business days.
-
Evaluation: Our security team will evaluate the submission and determine its severity and eligibility for a reward.
-
Disclosure: Please allow us 90 days for remediation before any public disclosure.
Terms and Conditions
-
Eligibility: You must be at least 18 years old and not a current employee, contractor, or affiliate of our company to participate.
-
Legal Compliance: All testing must comply with applicable local, state, and federal laws.
-
Scope Limitations: Only vulnerabilities in the specified API and platform are eligible. Attacks against our physical infrastructure, social engineering attempts, and denial of service attacks are strictly prohibited.
-
Responsible Disclosure: Do not disclose any vulnerability information to the public or third parties before we have addressed the issue.
-
Non-Duplicate: Only the first report of a specific vulnerability will be eligible for a reward.
-
No Guarantee: We reserve the right to cancel or modify this program at any time without prior notice.
-
Ineligible Findings: Vulnerabilities already known to us, or those with minimal security impact, may not be eligible for rewards.
-
Reward Decisions: All reward decisions are at the sole discretion of our security team and are final.
By participating in this bug bounty program, you agree to these terms and conditions.
Updated 4 months ago