Get Started

PRIZ Guru’s Responsible Disclosure Policy

Effective starting: October 1, 2021

PRIZ Guru understands that the protection of customer data is a significant responsibility and requires our highest priority. We, therefore, take the security of our systems extremely seriously, and we genuinely value the assistance of security researchers and others in the security community to assist in keeping our systems secure. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users.

There are a few guiding principles that we would really appreciate researchers adhering to:

Guidelines For Responsible Disclosure

We require that all researchers:

If you follow these guidelines when reporting an issue to us, we commit to:

In Scope

Out of Scope

Any services hosted by third-party providers and services are excluded from the scope. These services include:

In the interest of the safety of our users, staff, the Internet at large, and you as a security researcher, the following test types are excluded from scope:

Qualifying Security Bugs

What is a qualifying vulnerability?

Web application vulnerabilities such as XSS, XXE, CSRF, SQLi, Local or Remote File Inclusion, authentication issues, remote code execution, and authorization issues, privilege escalation, and clickjacking. The vulnerability must be in one of the services named in the Scope section above. You must be the first researcher to responsibly disclose the vulnerability and you must follow the responsible disclosure principles set out in this policy, which include giving us a reasonable amount of time to address the vulnerability. A reasonable amount of time will be agreed upon with you following the disclosure of the vulnerability.

What is not a qualifying vulnerability?

Each submission will be evaluated on a case-by-case basis, here is a list of some of the issues which don’t qualify as security vulnerabilities

How To Report A Security Vulnerability?

If you believe you’ve found a security vulnerability in one of our products or platforms please report it by emailing our security team. Please include the following details with your report:

Security Research Hall of Fame

PRIZ Guru would like to publicly convey our deepest gratitude to the following security researchers for responsibly disclosing vulnerabilities and working with us to remediate them. Your legendary efforts are truly appreciated by PRIZ Guru team.