Bug Bounty Program

We appreciate the work of security researchers and welcome responsible disclosure of security vulnerabilities in our products and services.

Scope

Our bug bounty program covers security vulnerabilities in:

  • Tellspin web application (*.tellspin.com)
  • Tellspin API endpoints (api.tellspin.app)
  • Any Tellspin-owned web properties

Reporting a Vulnerability

If you believe you've found a security vulnerability, please send a detailed report to:

bugs@plainice.com

Please include:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • Any supporting materials (screenshots, proof of concept code, etc.)
  • Your contact information for follow-up

Guidelines

  • Do not attempt to access, modify, or delete data belonging to other users
  • Do not attempt denial of service attacks
  • Do not use automated scanning tools without prior approval
  • Do not disclose the vulnerability to others before we've had a chance to address it

Response Timeline

We will acknowledge receipt of your report within 2 business days and strive to:

  • Provide an initial assessment within 5 business days
  • Keep you informed about our progress
  • Fix verified vulnerabilities as quickly as possible

Rewards

Rewards are determined based on:

  • Severity of the vulnerability
  • Quality of the report
  • Potential impact
  • Complexity of the finding

We do not provide specific reward ranges publicly, but we aim to be competitive with industry standards for similar vulnerabilities.

Researchers who comply with our program guidelines and responsible disclosure practices will not face legal action for their research.

Thank you for helping make Plainice more secure!

Previous
Security