BUG BOUNTY

Security is our topmost priority

Floatbot recognizes the value that security researchers bring to Floatbot’s platform and their help in making the internet a safer place. Security researchers play an integral role in the ecosystem by discovering vulnerabilities missed in the software development process.

If you believe that you have discovered a security vulnerability on Floatbot’s website or platform, we encourage you to report it to us straightaway. We will look into it and do our best to fix the bug quickly.

To report a potential security issue or vulnerability, please submit a report via email to Bugbounty@floatbot.ai. We will respond in 14 to 21 working days. Please encrypt all email messages containing information related to potential security vulnerabilities. If you are having trouble encrypting your vulnerability report or have any questions about the process, send a message to Bugbounty@floatbot.ai. We will work with you to identify a method to securely transmit your vulnerability report.


In the report, please include the following information:

  • The name(s) of the Floatbot product or technology and the respective version information.
  • Detailed description of the potential security vulnerability.
  • Proof-of-concept that details the reproduction of the potential security vulnerability.

The more details provided in the initial report, the easier it will be for us to evaluate your report.


Reporter Eligibility Criteria

  • You are reporting in your individual capacity or, if you are employed by a company or other entity and are reporting on behalf of your employer, you have your employer’s written approval to submit a report to Floatbot’s Bug Bounty program.
  • You are at least 18 years of age, and, if considered a minor in your place of residence, you have your parent’s or legal guardian’s permission prior to reporting.
  • You are not a resident of a U.S. Government embargoed country.
  • You are not on a U.S. Government list of sanctioned individuals.
  • You are not currently, nor have you been, an employee of Floatbot Inc, or a Floatbot subsidiary or Floatbot affiliated company, within 24 months prior to submitting a report.
  • You are not currently, nor have you been, under contract to Floatbot Inc, or a Floatbot subsidiary or Floatbot affiliated company, within 24 months prior to submitting a report.
  • You are neither a family nor household member of any individual who currently or within the past 24 months meets or met the criteria listed in the two bullet points directly above.
  • You agree to participate in testing mitigation effectiveness and coordinating disclosure/release/publication of your finding with Floatbot.
  • You did not and will not access any personal information that is not your own, including by exploiting the vulnerability.
  • You did not and will not violate any applicable law or regulation, including laws prohibiting unauthorized access to information. To clarify, Floatbot does not view testing that is done in compliance with the terms and conditions of this bug bounty program as unauthorized.
  • There may be additional restrictions on your eligibility to participate in the bug bounty depending upon your local laws.

If at any point while researching a vulnerability you are unsure whether you should continue, immediately send a message to Bugbounty@floatbot.ai.


Bug Bounty Awards

  • Eligibility for any bug bounty award and award amount determinations are made at Floatbot’s sole discretion. These are some general guidelines that may vary from published documentation:
      • based on the potential impact of the security vulnerability
      • for well-written reports with complete reproduction instructions / proof-of-concept (PoC) material. See the eligible report requirements above.
      • if a functional mitigation or fix is proposed along with the reported vulnerability.
  • Floatbot will award a bounty for the first eligible report of a security vulnerability.
  • Awards are limited to one (1) bounty award per eligible root-cause vulnerability.
  • Floatbot will award a bounty of $100 depending on the vulnerability type and the originality, quality, and content of the report.
  • Floatbot will publicly recognize awarded security researchers via Floatbot Security Advisories at or after the time of public disclosure of the vulnerability, in coordination with the security researcher who reported the vulnerability.
  • Award amounts may change with time. Past rewards do not necessarily guarantee the same reward in the future.

If you have information about a security issue or vulnerability, please send an e-mail to Bugbounty@floatbot.ai. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

  • The products and versions affected
  • Detailed description of the vulnerability
  • Information on known exploits