Hello, researcher!

Protecting our community’s privacy and security is among our highest priorities. Help us track down vulnerabilities and get paid a bounty.

We invite security researchers to investigate vulnerabilities in TREBEL, so long as your research follows this responsible research and disclosure policy.

✅ What you need to do

  • Avoid harm or risk to TREBEL, our users, or third parties.
  • Don’t disclose without our agreement.
  • Report through a legitimate channel.

❌ What you can't do

  • No privacy violations.
  • No deletion or damage of resources.
  • No lasting harm.
  • Nothing that degrades our service.
  • No creation or sharing of inappropriate content.
  • No targeting our staff, investors or physical environment.

How we'll respond

If you follow these guidelines we commit to:

  • Not pursuing or supporting legal action related to your research.
  • Working with you to understand issues, and resolve them if TREBEL considers it necessary.
  • Taking steps to make it known that your actions were conducted in compliance with these guidelines if a third party initiates legal action against you in connection with activities in our programs scope.


As part of encouraging security researchers to put our security to the test, we offer a variety of rewards for doing so if:

  • The reported vulnerability is verifiable
  • It hasn't been reported already
  • You've conducted your activities in a manner consistent with our guidelines

Rewards are provided at TREBEL's discretion based on the severity of the bug and the quality of the report.

Report a vulnerability

Summary Title

Technical Severity

Vulnerability details

For example: https://secure.server.com/some/path/file.php

Describe the vulnerability and its impact. Provide a proof of concept or replication steps. Maximum 10,000 characters.

Maximum 10,000 characters.