Here at Textr, we believe that security is of the utmost importance. We understand that our users entrust us with a great deal of personal information, and it is our responsibility to keep it safe and private. To that end, we build all our software with user privacy and security as the top priority. And in addition, we have a bounty program for our users to report any potential security issues they may find. We believe that working together can identify potential vulnerabilities and mitigate them before they become a problem.
If you’re interested in participating in our bounty program, you’ll need to follow the below guidelines:
- If you are the first person to disclose a previously unknown issue, you will be eligible for a bounty. We take pride in being fair and transparent, so you can be confident that you will receive credit for your discovery.
- While testing our software, please only use data that belongs to you. We do not permit any interaction with other accounts.
- To be a courteous citizen of Textr, we ask that you follow the Terms of Service and avoid automated testing that could interfere with the smooth running of our site.
- If you gain access to our system, please report it immediately so we can take appropriate actions and get the issue corrected promptly.
- We ask that you do not disclose any information regarding any vulnerability found until we have had a chance to patch it.
What can be reported
We're on the lookout for any security exploit that could pose a risk to our users' information. Our rewards vary depending on the severity of the exploit. Some examples of issues we are looking for include:
● Server-side code execution
● API security bypassing
● User data tampering
● Cross-site scripting (XSS)
What can’t be reported
Some examples of non-Qualifying exploits include:
● Hypothetical vulnerabilities
● Mixed-content scripts
● Social engineering
● DOS / brute-force attacks
If you have discovered a vulnerability in one of our products, we offer rewards for responsible disclosure. The vulnerability's severity will determine the reward amount, which we will send via Paypal once the vulnerability has been fixed.
Submitting a vulnerability
To report a security threat, use our dedicated submission form. we will review all submissions and respond within a few days. Once the patch is complete, we’ll pay you a bounty via Paypal to thank you for your contribution. We appreciate your help in identifying and reporting security vulnerabilities in our product. If you have any questions regarding the program, please contact us at firstname.lastname@example.org
Hall of fame
● Naveen Sihag: $300