VoiceDrop Bug Bounty Program
Security is core to how we operate. We welcome and reward responsible disclosure of vulnerabilities from the security research community.
Responsible disclosure
We take the security of our platform and our customers' data seriously. If you believe you've found a security vulnerability in any VoiceDrop product or service, we encourage you to report it to us privately so we can investigate and remediate it before it is publicly disclosed.
Please give us a reasonable amount of time to respond and fix an issue before making any information public, and make a good-faith effort to avoid privacy violations, data destruction, and service interruption during your research.
Scope
In-scope targets include the VoiceDrop web application, our public API, and our marketing website. Out-of-scope issues typically include reports from automated scanners without a working proof of concept, social engineering, denial-of-service attacks, and vulnerabilities in third-party services we use.
Rewards
Rewards are determined based on the severity and impact of the reported vulnerability, following industry-standard practices. High-impact, well-documented reports with a clear proof of concept receive the highest rewards.
How to report
Send a detailed report - including reproduction steps, affected endpoints, and a proof of concept - to our security team. We'll acknowledge your report, keep you updated on our progress, and credit you once the issue is resolved (if you'd like).