Learn about Flipsnack's Bug Bounty Program, including eligibility, submission guidelines, rewards, and how to participate in enhancing our platform’s security.
Objective: The Flipsnack Bug Bounty Program is designed to encourage security researchers, developers, and ethical hackers to identify and report potential security vulnerabilities within our platform. By partnering with the security community, our goal is to enhance the overall security of Flipsnack.
Program Scope: The Bug Bounty Program covers security vulnerabilities in Flipsnack's web and mobile applications, APIs, and related infrastructure. Vulnerabilities that could impact the confidentiality, integrity, or availability of user data or the Flipsnack platform are eligible for this program.
Eligibility:
- The Bug Bounty Program is open to individual security researchers and professionals.
- Participants must comply with all applicable local, state, and national laws.
- Employees of Flipsnack, its subsidiaries, and their family members are not eligible to participate in this program.
Submission Guidelines:
- Submissions must include a detailed report of the vulnerability, steps to reproduce it, and its potential impact. Clear and concise explanations are necessary for a valid submission.
- Provide a working proof of concept to demonstrate the vulnerability.
- Do not publicly disclose the vulnerability until it has been resolved and you have received explicit permission from Flipsnack.
- Only submit vulnerabilities that are your original work. Avoid submitting duplicates of previously reported vulnerabilities.
Out-of-Scope vulnerabilities:
- Issues related to social engineering attacks.
- Vulnerabilities in third-party services or software not owned by Flipsnack.
- Denial of Service (DoS) attacks.
- Issues requiring physical access to the victim’s device.
- Reports from automated tools or scans that do not demonstrate a specific vulnerability.
Reward guidelines:
The reward for a valid vulnerability is up to $500, depending on the severity and impact of the issue. Rewards are categorized as follows:
- Critical
- High
- Medium
- Low
The Flipsnack security team determines the reward amount based on the vulnerability's severity, the report's quality, and the impact on our platform.
Important Note: Not all submissions will result in a reward. If another researcher has already reported the vulnerability or was identified by our security team, it will not qualify for a reward. Additionally, the review process may take some time, depending on the complexity of the issue and the volume of submissions
Process:
- Submit your report via our dedicated bug bounty platform or by emailing privacy@flipsnack.com.
- You will receive an acknowledgment of your submission within 48 hours.
- Our security team will validate the vulnerability and assess its impact.
- Once validated, we will work to resolve the issue as quickly as possible. You will be updated on the status throughout the process.
- After the vulnerability is resolved, the reward will be issued within 30 days.
Legal Safe Harbor:
We will not pursue legal action against researchers who:
- Adhere to the program rules and guidelines.
- Make a good faith effort to avoid privacy violations, disruption of services, and destruction of data.
- Provide us with sufficient time to resolve the issue before disclosing it publicly.
Program Terms:
- Flipsnack reserves the right to modify the terms of this program or discontinue it at any time without notice.
- All decisions regarding the program, including reward eligibility and amount, are final and at the discretion of the Flipsnack security team.
Contact Information: For any questions or clarifications about the Bug Bounty Program, please contact us at privacy@flipsnack.com.