If you would like to report vulnerability or a bug you found within our application you can do so by sending us email to email@example.com.
Security issues reported to us are verified, evaluated by our DevOps team and passed to developers at the appropriate criticality level.
If the vulnerability is confirmed to exist, 50$ Amazon gift cards are given as a reward per every reported finding type (one vulnerability type affecting for e.g contiguous fields will be still counted as one finding).
Disclosure about the reported vulnerability is performed — according to GDPR regulations — when vulnerability affects our customer's personal information.
We don't disclose minor vulnerabilities and fixes — those are just handled internally without public facing notice. We don't track any sort of dashboard that would be a public facing "Hall of fame" listing individual contributors/researchers.