Bug Bounty Program

Hello, researcher!

Protecting our community's privacy and security is among our highest priorities. Help us track down vulnerabilities and get paid a bounty.

We invite security researchers to investigate vulnerabilities in Robin the Robot, so long as your research follows this responsible research and disclosure policy.

What you need to do

Avoid harm or risk to Robin the Robot, our users, or third parties Don't disclose without our agreement Report through a legitimate channel

What you can't do

No privacy violations No deletion or damage of resources No lasting harm Nothing that degrades our service No creation or sharing of inappropriate content No targeting our staff, investors or physical environment

How we'll respond

If you follow these guidelines we commit to:

Not pursuing or supporting legal action related to your research Working with you to understand issues, and resolve them if Robin the Robot considers it necessary Taking steps to make it known that your actions were conducted in compliance with these guidelines if a third party initiates legal action against you in connection with activities in our programs scope

Rewards

As part of encouraging security researchers to put our security to the test, we offer a variety of rewards for doing so if:

The reported vulnerability is verifiable It hasn't been reported already You've conducted your activities in a manner consistent with our guidelines

Rewards are provided at Robin the Robot's discretion based on the severity of the bug and the quality of the report.