Join our BugBounty Program
About the Program
We understand the amount of work and research that goes into security testing. As such, reporting any vulnerability that could compromise the confidentiality or integrity of our users or service will be directly rewarded.
A reward of up to USD$500 (paid in PLU) may be provided for the disclosure of qualified bugs (Bypassing login processes, executing code, interfering with user interaction, accessing other sessions, etc).
Smaller vulnerabilities that do not meet our severity criteria may still be provided a minimum of USD$100 (PLU) if they lead to an improvement in overall security.
In order to abide by our policy, vulnerabilities must be disclosed privately and provide us reasonable time to respond.
Please note: We do not reward spam or socially engineered vulnerabilities, neither do we reward vulnerabilities that have been disclosed publicly. Third-party applications such as the ones we use to test our BETA applications are not incorporated into this bounty programme. This includes Crashlytics, Telegram, etc.
Terms & Restrictions
- The first person to report and disclose a bug will be rewarded.
- Publicly disclosed bugs will not be rewarded.
- The reward amounts may increase and decrease, this is at our discretion.
- We may cancel the programme at anytime.
- Your testing must not violate any laws at any time.
- Due to legal restrictions, we cannot and will not reward residents of countries under current U.S. sanctions (including North Korea, Libya, Cuba).