Bug Bounty Program
We appreciate the work of security researchers and welcome responsible disclosure of security vulnerabilities in our products and services.
Scope
Our bug bounty program covers security vulnerabilities in:
- Tellspin web application (*.tellspin.com)
- Tellspin API endpoints (api.tellspin.app)
- Any Tellspin-owned web properties
Reporting a Vulnerability
If you believe you've found a security vulnerability, please send a detailed report to:
bugs@plainice.com
Please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Any supporting materials (screenshots, proof of concept code, etc.)
- Your contact information for follow-up
Guidelines
- Do not attempt to access, modify, or delete data belonging to other users
- Do not attempt denial of service attacks
- Do not use automated scanning tools without prior approval
- Do not disclose the vulnerability to others before we've had a chance to address it
Response Timeline
We will acknowledge receipt of your report within 2 business days and strive to:
- Provide an initial assessment within 5 business days
- Keep you informed about our progress
- Fix verified vulnerabilities as quickly as possible
Rewards
Rewards are determined based on:
- Severity of the vulnerability
- Quality of the report
- Potential impact
- Complexity of the finding
We do not provide specific reward ranges publicly, but we aim to be competitive with industry standards for similar vulnerabilities.
Legal
Researchers who comply with our program guidelines and responsible disclosure practices will not face legal action for their research.
Thank you for helping make Plainice more secure!