Skip to content
Close
LOGIN
BOOK A DEMO
BOOK A DEMO
rep+-temp
Reputation+
Keep your brand safe

  • 24/7 accurate moderation

  • Crisis monitoring & alerts

  • Sentiment & social listening

agent+temp
Agent+
Reply faster and better with AI

  • Draft replies queued for you

  • Approve and send in batches

  • Post & site-aware replies

engage+-temp
Engage+
We reply for your brand

  • 24/7 managed responses

  • Pre-approved playbooks

  • Full community care

LEARN MORE

Integrations

BrandBastion ROI

blog
Blog
Social media news and tips
inspiration2
Inspiration Hub
Find ideas for posts and ads
downloads-2
Guides & Downloadables
Learn how to manage social
calculator
ROI Calculator
Discover your uplift potential 
profits
Case studies
The success you can expect
BRANDBASTION

Bug Bounty Policy

Introduction

We value the security of our systems and the privacy of our users. To maintain and enhance our security posture, we encourage responsible disclosure of vulnerabilities. If you identify a security vulnerability in our systems, we appreciate your effort in bringing it to our attention.

 

Scope

This policy applies to:

  • Vulnerabilities in our public-facing application app.brandbastion.com and all associated subdomains (eg: "xyz.app.brandbastion.com" )
  • Reports that detail specific, actionable security vulnerabilities.

 

Out of scope:

  • The main brandbastion.com domain and any subdomains except for the ones in scope.
  • Vulnerabilities in systems or services not owned or controlled by us.
  • Social engineering attacks, physical security issues, or any activity that violates applicable laws or regulations.
  • Denial of Service (DoS) attacks.

 

Our Principles

  1. Acknowledgment and Transparency: We value all contributions and commit to reviewing and addressing reported vulnerabilities promptly, especially those that are critical.
  2. Fair Evaluation: Each submission will be evaluated based on its severity, potential impact, and reproducibility.
  3. No Compensation: We do not pay monetary rewards or bonuses for vulnerability reports. Paid engagements are reserved exclusively for contracted partners.
  4. Legal Safe Harbor: As long as you follow the guidelines outlined in this policy, we will not pursue legal action against you for your security research efforts.
  5. Non-Bounty Submissions: Submissions sent to security@brandbastion.com are treated as responsible disclosure only and are not eligible for monetary rewards.

 

Reward Eligibility

  • We only provide bounties for vulnerabilities submitted through our private HackerOne program.
  • Reports sent directly to security@brandbastion.com will not be eligible for rewards.
  • If you're interested in joining our private HackerOne program, see below.

 

Join Our Private Bug Bounty Program

We maintain a private bug bounty program on HackerOne. If you'd like to be considered for an invitation:

  • Email us at security@brandbastion.com
  • Include your HackerOne profile and a brief summary of your experience or prior research

We evaluate invite requests based on prior submissions, credibility, and need.

 

Responsible Disclosure Guidelines

To help us address the reported issue efficiently:

  • Provide a detailed description of the vulnerability.
  • Include steps to reproduce the issue, relevant artifacts, or any evidence demonstrating its impact.
  • Allow us a reasonable amount of time to address the vulnerability before publicly disclosing it.

 

What We Ask From You

  • Refrain from exploiting the vulnerability beyond what is necessary to demonstrate it.
  • Avoid accessing or compromising data that does not belong to you.
  • Do not engage in activities that could disrupt our systems or services.

 

What You Can Expect From Us

We will evaluate reports and address valid reported issues as quickly as possible. However, we will only engage directly with contracted partners for further discussions or collaborations.

Thank you for your efforts in helping us maintain a secure environment for our users. We appreciate your cooperation and responsible actions.