Datazoom Bug Bounty Program

We are dedicated to maintaining the security and privacy of the Datazoom services and customer data. We welcome security researchers from the community who want to help us improve our products and services.
Are You a Security Researcher or Developer? The Datazoom Bug Bounty Program Could Net You Some Cash!

Help Us Improve Our Platform

If you discover a security vulnerability, please give us the chance to fix it by emailing us at security@datazoom.io. Publicly disclosing a security vulnerability without informing us first puts the rest of the community at risk. When you notify us of a potential problem, we will work with you to make sure we understand the scope and cause of the issue. Thank you for your work and interest in making the community safer and more secure!
Follow The Rules. Help Datazoom. Get Paid.

Datazoom Bug Bounty Program Details

If you would like to be eligible for a bounty, please read this carefully.

Rules

  • NEVER attempt to gain access to another user’s account or data.
  • NEVER attempt to degrade the services.
  • NEVER impact other users with your testing.
  • Test only on in-scope domains, listed below.
  • Do not use fuzzers, scanners, or other automated tools to find vulnerabilities.

Doing any of the above will render you ineligible for cash bounties and prizes.

Rewards

The amount of any reward is not predetermined. Any rewards paid out as part of this program are at the sole discretion of Datazoom.

Whether or not a reward is issued and the amount of any reward depends on a number of factors, including:

  • the care with which you carry out your investigations;
  • the quality of the information you provide;
  • the amount of any loss or damage the information you provide prevents from being incurred.

If the security team needs no further information to reproduce the bug, the team will respond in 4-6 weeks with an email regarding payment (if appropriate).

If your bug is accepted by our security team, create an account in Bugcrowd as a researcher and send your Bugcrowd account email to security@datazoom.io. Make sure to keep the same email thread for all communications related to a particular bug report.

In-Scope Services

Only the following services are in-scope:

  • app.datazoom.io
  • platform.datazoom.io
  • broker.datazoom.io
  • streaming.datazoom.io

Please do not test or report issues with services not listed here.

Out-of-Scope Issues

The following types of reports/attacks are out of scope. Please do not attempt them:

  • Reports about any service not listed under “In-Scope Services,” above
  • DOS attacks
  • Brute force attacks
  • Physical vulnerabilities
  • Social engineering attacks, including but not limited to:
    • phishing
    • email auth (SPF, DKIM, etc.)
    • hyperlink injection in emails
  • CSRF on forms that are available to anonymous users (e.g., signup, login, contact, Intercom)
  • Self-XSS and issues exploitable only through self-XSS
  • Clickjacking and issues only exploitable through clickjacking
  • Descriptive error messages (e.g. stack traces, application or server errors)
  • HTTP 404 codes/pages or other HTTP error codes/pages
  • Banner disclosure on common/public services
  • Disclosure of known public files or directories (e.g. robots.txt)
  • Presence of application or web browser “autocomplete” or “save password” permission
  • User enumeration on login
  • Absence of rate limits