Our bug bounty program follows a rating system based on the Bugcrowd Vulnerability Rating Taxonomy, which includes the following severity levels:

We appreciate the responsible disclosure of valid vulnerability reports and will reward security researchers for their efforts according to the severity level of the reported vulnerability. The rewards will be determined at our discretion based on the criticality of the vulnerability, the quality of the report, and any other relevant factors.

The following activities are specifically excluded from our bug bounty program:

1. Testing on alpha versions of our applications
2. Social engineering, such as phishing, of our employees or customers
3. Physical security testing of our offices, servers, or employees
4. Testing of third-party software other than misconfigurations or vulnerabilities caused by the third-party software
5. Self XSS attacks
6. Misconfigured or lack of DMARC records
7. Brute Force attacks
8. DDoS attacks

If you have discovered a security vulnerability related to our platform, we encourage you to report it to us as soon as possible through our bug reporting to [email protected]. We ask that you provide us with enough information to reproduce the issue, including a proof-of-concept or steps to reproduce the vulnerability. We also ask that you keep all information related to the vulnerability confidential until we have addressed it.

Once we receive your report, we will work to verify and respond to it as quickly as possible. We appreciate your cooperation and contributions to maintaining the security of our platform.