🛡️ Dapvox Security & Bug Bounty Program

1. Introduction

We value the security of our systems and the privacy of our users. To strengthen our defenses, we invite security researchers and ethical hackers to test our platform under the guidelines defined in this document.

This policy serves as official authorization for approved security testing and outlines the scope, rules, and rewards for responsible disclosure.

2. Authorization

We grant permission to conduct penetration testing and vulnerability research against our assets listed below, provided all testing complies with this policy.

Activities performed in accordance with this policy are considered authorized, and we will not pursue legal action against researchers acting in good faith.

3. Scope

In Scope

• *.dapvox.com

Out of Scope

• Third-party services not owned by dapvox.com
• Payment processors (Stripe, PayPal, etc.)
• Infrastructure providers (AWS, Cloudflare unless directly affecting dapvox)
• Social engineering (phishing, vishing, etc.)
• Physical attacks
• Denial of Service (DoS / DDoS)
• Automated scanning that degrades performance

4. Allowed Testing Methods

• Manual penetration testing
• Automated tools (with reasonable rate limiting)
• Vulnerability scanning
• Client-side reverse engineering

5. Responsible Disclosure Guidelines

1. Report vulnerabilities promptly
2. Provide clear reproduction steps
3. Include proof of concept (PoC)
4. Avoid public disclosure before fix
5. Allow reasonable time for patching (30–90 days)

6. Reward Program 💰

Severity	Reward Range
Critical	$500 – $5,000+
High	$200 – $1,000
Medium	$50 – $300
Low	Recognition / Swag

Bonus Rewards

• First valid report
• High-quality write-ups
• Novel attack techniques

7. Safe Harbor

• No legal action against compliant researchers
• Collaboration to resolve issues
• Public recognition (optional)

8. Reporting

Submit findings to: security@dapvox.com

• Description
• Steps to reproduce
• Impact assessment
• Screenshots / PoC

9. Hall of Fame

We proudly recognize contributors who help improve our security. (Your name could be here!)

10. Legal

This policy is governed by applicable laws. Participation implies agreement to these terms.

11. Final Notes

We appreciate the effort and skill of the security community. Your work helps us build a safer platform for everyone.