The Monosnap Team takes the protection of our customers' data seriously. We are committed to working with security researchers to verify and fix any reported potential vulnerabilities.
If you believe you've found any kind of vulnerability on Monosnap, please contact us in the way described below. The Monosnap Security Team will investigate your report and do its best to resolve the reported problems.
What is a Bug Bounty Program?
A bug bounty program (“Program”) permits independent researchers to report the discovered security issues, bugs or vulnerabilities in Monosnap services (“Bug”) for a chance to earn rewards in the amount determined by Monosnap for being the first one to discover a Bug, subject to compliance with eligibility and participation requirements (“Bounty”).
Before reporting a Bug, please review these Bug Bounty Program Terms and Conditions (“Terms”). These Terms are concluded between You and Monosnap Inc. (“Monosnap”). By submitting any Bug to Monosnap or otherwise participating in the Program, You agree to comply with these Terms. All matters not covered by these Terms shall be governed by the provisions of the Terms of Service. In case of any inconsistency or discrepancy between the Terms of Service and these Terms with regard to the Program, the Terms shall prevail.
If You do not agree with these Terms, please do not send any Submission (as defined below) to Monosnap or otherwise participate in this Program.
To be eligible to participate in the Program, You shall comply with all the following requirements:
- You are at least 16 years of age. If You are 16 years of age, but are considered a minor in Your place of residence, You must obtain Your parent’s or legal guardian’s written consent to participate in this Program; failure to provide such consent upon Monosnap’s request will lead to Your disqualification from the Program;
- You are an individual researcher participating in the Program in Your own capacity; if You work for an organization, it is Your responsibility to comply with Your employer’s rules and policies that would affect Your eligibility to participate in the Program;
- You are not an employee or an external staff member of Monosnap or its affiliate;
- You are not an immediate family member of an employee or an external staff member of Monosnap or its affiliate;
- You act in compliance with the national, state and local laws and regulations;
- You neither reside in a country which is on the EU or the USA trade or economic sanctions list, nor are You a person subjected to sanctions or restrictions imposed by the EU or the USA.
When performing Your research, You shall always act in good faith. You shall neither modify any files or data, nor intentionally view or access any data beyond what is needed to prove the vulnerability. Monosnap does not allow any actions that could negatively impact Monosnap’s services or the experience on Monosnap’s website or apps.
The Bugs identified by You shall be privately sent to email@example.com. Once the Bug is sent to Monosnap, it becomes a “Submission”. For all Submissions, please include a full description of the vulnerability being reported, including the exploitability and impact, evidence and explanation of all steps required to reproduce the Submission. Please refer to the table below to make sure Your Submission is eligible. Depending on the detail of Your Submission, Monosnap may award a Bounty of varying scale. Monosnap will make its best efforts to respond to Your Submission promptly. However, the time of response may vary depending on the complexity and completeness of Your Submission.
By providing a Submission or agreeing to the Program Terms, You agree that You may not publicly disclose Your findings or the contents of Your Submission to any third parties in any way without Monosnap’s prior written approval.
Bugs that are eligible for submission
|Severity||Bugs||Max Bounty Payout|
||up to 400 USD|
||up to 200 USD|
||up to 100 USD|
||up to 25 USD|
❌ Prohibited types of security research
- Performing actions that may negatively affect Monosnap's users;
- Performing actions that may negatively affect the work of Monosnap service;
- Attempting to access any data or information that doesn't belong to You;
- Destroying data or information that doesn't belong to You;
- Corrupting data or information that doesn't belong to You;
- Conducting any types of attack on Monosnap;
- Using social engineering aimed at Monosnap personnel or contractors;
- Violating any laws or agreements to discover vulnerabilities.
⚠️ Bugs that are not eligible for submission
- Previously submitted bugs;
- Any other submission determined to be medium or low severity, based on unlikely or theoretical attack vectors, requiring significant user interaction, or resulting in minimal impact.
A Bounty to the Program participant is paid in proportion to the severity of the identified Bug. Only Bugs acknowledged by Monosnap are rewarded.
You may be eligible to receive a Bounty payment if:
- You are the first person to submit a Bug;
- The Bug You’ve submitted is determined to be a valid security issue by Monosnap; and
- You have complied with all Program Terms.
The amount of Bounty payments, if any, will be determined by Monosnap, in Monosnap’s sole discretion, depending on the sensitivity of the data impacted, ease of exploit and overall risk to Monosnap services. The decisions made by Monosnap regarding the Bounty payments are final and binding.
If Monosnap determines that Your Submission is eligible for a Bounty payment, Monosnap will notify You of the Bounty amount and will request You to provide certain information to be able to process Your Bounty payment in compliance with applicable legal requirements.
Monosnap will not be liable for the delay in payments due to inaccuracy of the provided data. Monosnap will not be able to process the payment until the requested information is provided by You. You may waive the Bounty payment if You do not wish to receive a Bounty or do not want to provide the requested information. You agree that Monosnap will process the provided information in order to make a Bounty payment under the Program in accordance with the Terms. Monosnap ensures the security of the data obtained through Your participation in the Program. The personal data shall be used to the extent it is required in order to implement the present Terms.
You will be responsible for any tax implications related to Bounty payments You receive, as determined by the laws of Your jurisdiction of residence or citizenship.
As a condition of participation in the Program, by providing any Submission to Monosnap You grant Monosnap, its subsidiaries and affiliates the following non-exclusive, irrevocable, perpetual, royalty free, worldwide, sub-licensable license to the intellectual property in Your Submission: (i) to use, review, assess, test, and otherwise analyze Your Submission; (ii) to reproduce, modify, distribute, display and perform publicly, and commercialize and create derivative works of Your Submission and all its content, in whole or in part; and (iii) to use Your Submission and all of its content for marketing, sale, or promotion purposes. You agree to sign any documentation that may be required for Monosnap or its designees to confirm the rights You granted above. You understand and acknowledge that Monosnap may have developed or commissioned materials similar or identical to Your Submission, and You waive any claims You may have resulting from any similarities to Your Submission. You understand that You are not guaranteed any compensation or credit for the use of Your Submission. You represent and warrant that Your Submission is Your own work, that You have not used information owned by another person or entity, and that You have the legal right to provide the Submission to Monosnap.
Any information you receive or collect about Monosnap or its services and tools through the Program (“Confidential Information”) must be kept confidential and only used in connection with the Program. You may not use, disclose or distribute any such Confidential Information, including, but not limited to, any information regarding Your Submission and information You obtain when researching the Monosnap site, services or apps, without Monosnap’s prior written consent.
Monosnap may immediately terminate Your participation in the Program and disqualify You, if one of the following occurs:
- You breach any provision of these Terms;
- Your participation in the Program could adversely impact Monosnap, its services, products or users;
- You are not acting in good faith when investigating and reporting vulnerabilities to Monosnap.
If You wish to opt-out of the Program and not be considered for the Bounties, contact Monosnap at firstname.lastname@example.org.
Changes to the Program and Terms
Monosnap may at its sole discretion change or cancel the Program at any time for any reason, without notice to You.
Monosnap may at its sole discretion amend the Program Terms at any time by posting the amended version of Terms on monosnap.com. By continuing to participate in the Program after Monosnap posts any such changes, You accept the Program Terms, as modified.
TO THE FULLEST EXTENT PROVIDED BY LAW MONOSNAP, ITS SUBSIDIARIES AND ITS AFFILIATES HEREBY DISCLAIM ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, GUARANTEES OR CONDITIONS WITH RESPECT TO THE PROGRAM. YOU UNDERSTAND THAT YOUR PARTICIPATION IN THE PROGRAM IS AT YOUR OWN RISK. THE FOREGOING DOES NOT AFFECT ANY WARRANTIES THAT CANNOT BE EXCLUDED OR LIMITED UNDER THE APPLICABLE LAW.
Limitation of Liability
TO THE FULLEST EXTENT PROVIDED BY LAW, IN NO EVENT WILL MONOSNAP, ITS SUBSIDIARIES AND AFFILIATES, OR THEIR LICENSORS, SERVICE PROVIDERS, EMPLOYEES, AGENTS, OFFICERS, OR DIRECTORS BE LIABLE FOR DAMAGES OF ANY KIND, UNDER ANY LEGAL THEORY, ARISING OUT OF OR IN CONNECTION WITH YOUR PARTICIPATION IN THE PROGRAM.
YOU HEREBY EXPRESSLY WAIVE ALL RIGHTS TO SEEK PUNITIVE, INCIDENTAL, CONSEQUENTIAL OR SPECIAL DAMAGES, LOST PROFITS AND/OR ANY OTHER DAMAGES, OTHER THAN ACTUAL EXPENSES NOT TO EXCEED 10 (TEN) USD, AND/OR ANY RIGHTS TO HAVE DAMAGES MULTIPLIED OR OTHERWISE INCREASED.
These Terms are construed in accordance with and shall be governed by the Laws of the State of Delaware (USA), without giving effect to any conflict of law or choice of law provisions.
As a condition of participating in the Program, You agree that any and all claims, disputes that cannot be resolved between the parties, and causes of action arising out of or connected with this Program, shall be resolved individually, without resort to any form of class action, exclusively before a court located in the State of Delaware, USA having appropriate jurisdiction.
The invalidity, illegality or unenforceability of these Terms or any provision thereof shall not affect the validity or enforceability of any other provision of these Terms. If any provision of these Terms is determined to be invalid, illegal or unenforceable, the other provisions will remain in effect and will be construed in accordance with their terms as if the invalid or illegal provision was not contained herein.
❤️ Thanks to every individual security researcher who helps us improve Monosnap.