We welcome software security researchers that want to help us hunt down vulnerabilities.
Should you find one, send it over. We'll be filled with gratitude and reward you with up to
$5,000 USD for critical vulnerabilities.

Our program has very few rules for now, and we will react on a
case by case basis, applying our criteria to determine awards.

- Reproducible steps: If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
- One vulnerability per report: unless you need to chain vulnerabilities to provide impact.
- Duplicates don't get rewarded: we only award the first report that was received (provided that it can be fully reproduced).
- One origin: Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
- No social engineering: Phishing, vishing, smishing, etc are prohibited.
- Don't be evil: Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

$50 - Low impact / low risk
$150 - Medium impact / medium risk
$500 - High impact / high risk
$5.000 - Critical impact / high risk

Happy hacking!