Protecting our community’s privacy and security is among our highest priorities. Help us track down vulnerabilities and get paid a bounty.
We invite security researchers to investigate vulnerabilities in TREBEL, so long as your research follows this responsible research and disclosure policy.
✅ What you need to do
- Avoid harm or risk to TREBEL, our users, or third parties.
- Don’t disclose without our agreement.
- Report through a legitimate channel.
❌ What you can't do
- No privacy violations.
- No deletion or damage of resources.
- No lasting harm.
- Nothing that degrades our service.
- No creation or sharing of inappropriate content.
- No targeting our staff, investors or physical environment.
How we'll respond
If you follow these guidelines we commit to:
- Not pursuing or supporting legal action related to your research.
- Working with you to understand issues, and resolve them if TREBEL considers it necessary.
- Taking steps to make it known that your actions were conducted in compliance with these guidelines if a third party initiates legal action against you in connection with activities in our programs scope.
As part of encouraging security researchers to put our security to the test, we offer a variety of rewards for doing so if:
- The reported vulnerability is verifiable
- It hasn't been reported already
- You've conducted your activities in a manner consistent with our guidelines
Rewards are provided at TREBEL's discretion based on the severity of the bug and the quality of the report.