Security

Bug Bounty Program

Help us improve our security and earn rewards. We invite security researchers to test our systems responsibly. If you find a vulnerability, we'll pay you for reporting it.

Basic rules

Test carefully and responsibly. Follow these guidelines to participate.

Test carefully

Don't disrupt our services or use automated scanning tools.

Use your own account

Never attempt to access other users' accounts.

Notify us immediately

If you gain access to internal systems, report it right away.

Keep findings confidential

Don't disclose vulnerabilities until we've resolved them.

First reporter wins

Only the first person to report a specific vulnerability receives the reward.

What we're looking for

We reward findings that represent real security risks. Bigger rewards go to more critical issues.

Unauthorized data access

Access to other users' data (merely confirming an account exists does not qualify).

API security bypass

Bypassing API security controls (e.g. rate-limit evasion, authentication bypass).

XSS vulnerabilities

Cross-site scripting (XSS) vulnerabilities in our applications.

Remote code execution

Remote code execution on our servers.

Injection attacks

SQL injection or other injection attacks.

Auth flaws

Authentication or session management flaws.

What we don't pay for

The following categories are outside the scope of our bounty program.

Denial-of-service (DoS/DDoS) attacks or brute-force attempts.

Mixed content or SSL configuration issues.

Social engineering or phishing attacks.

Theoretical vulnerabilities without a working proof of concept.

Missing security headers or standard hardening settings.

Vulnerabilities in third-party services or dependencies outside our control.

How we pay

The more critical the vulnerability, the higher the reward. There is no fixed cap. If you find something particularly serious, we'll compensate accordingly. Payments are processed in USD via PayPal after the vulnerability has been verified and resolved.

How to report

Follow these steps to submit a vulnerability report.

01

Submit

Fill out the vulnerability report form below with a detailed description and proof of concept.

02

Review

Our security team will review your report and respond within 7 business days.

03

Resolution

We work on a fix. We may reach out for additional details or clarification.

04

Reward

Once the vulnerability is verified and resolved, we process your reward in USD via PayPal.

Report a vulnerability

Fill out the form below with as much detail as possible. Include steps to reproduce, impact assessment, and any proof of concept.