Herohero Bug Bounty Program A. What it means We make sure that all users of our platform (both creators and subscribers) are protected from any cyber-security dangers. We do this by having an experienced IT team on board, as well as by listening to your complaints. One of the instruments we’d like to incentivize more is responsible disclosure of security vulnerabilities. If you find any software vulnerability in our systems, we’d be happy to hear from you, and if you qualify, pay you a reward. B. How it works - You discover any qualified software vulnerability in good faith, cooperate with us on the solution and we provide you a reward. If, on the other hand, your activities are not carried out in good faith, we reserve the right to deem your actions unlawful. We will consider your actions malicious especially (although not exclusively) when you blackmail us or any of our partners or users, or if the vulnerability is used to bring harm or harass our users. In that case, we will not pay you any reward. - Any auto-generated/spammy/unsigned reports of low importance will be ignored. C. Compliance Our bug bounty program is designed to comply with vulnerability disclosure good practice. It does not authorize you to act in any manner that violates the law, or which might cause us or our partners to be in violation of the law. D. Scope - The scope of our bug bounty program includes software vulnerabilities of services and domains owned/managed by us. - Services provided by third parties are not included (eg. running on some of our subdomains). - Vulnerabilities that are made public prior or after rectification, vulnerabilities that are already known to us, are in the process of rectification or vulnerabilities that do not pose any threats and do not require immediate attention do not qualify for the reward. E. Prohibited actions: The following activities are prohibited and are thus out of scope: - Denial of service - Spamming - Social engineering - Physical access - Attacking non-internet facing systems - Installing persistent backdoors - Irreversible damage to systems and/or data corruption - Non-coordinated vulnerability disclosure - UI and UX bugs and spelling mistakes