Introduction
Responsible Disclosures
Responsible Disclosures
How to report vulnerabilities as part of our bug bounty program.
Best practices
We encourage everyone that practices responsible disclosure to participate in the program.
To take part, please make sure that you:
- abide by our terms of service.
- avoid the use of automated testing frameworks.
- only perform testing with your own credentials.
- include a proof of concept on how the vulnerability could be exploited.
- do not disclose any information regarding vulnerabilities until we have a fix in place.
Rewards are given at our discretion depending on the criticality of the vulnerability reported.
Scopes
We’ve defined the scope of the program to exclude some services which are not critical or pose no risk to customer data, or which we consider not suitable for the program at this time.
In Scope
- our Dashboard https://app.paisr.tech
- our API https://api.live.paisr.tech
- our CDN https://uploads-ssl.paisr.tech
- our Hosted Checkout https://checkout.paisr.tech
Out of Scope
- our website https://www.paisr.tech
- our docs https://docs.paisr.tech
- our status page https://status.paisr.tech
- Phishing, social engineering, or otherwise trying to engage Paisr employees
- Denial of service attacks & DNSSEC warnings
Have something to report?
Report a vulnerability
You can report vulnerabilities by contacting security@paisr.tech
We will respond as quickly as possible to all submissions that follow the rules above, and will consider them as part of the bug bounty program.