
Givzey Bug Bounty Program

At Givzey, we take security seriously. We appreciate your efforts to responsibly disclose vulnerabilities and help us improve our platform. The following policy outlines the rules of engagement and defines the scope for our bug bounty program.

Scope of Testing

The following systems and subdomains are within the scope of this bug bounty program:

  • Sandbox Subdomains:
      ◦ dev.givzey.com
      ◦ dev.version2ai.com

Out of Scope:

  • Root domains: app.givzey.com and version2ai.com, and any other subdomains or associated services.
  • Any third-party services integrated with our platform.
  • Infrastructure or services (unless explicitly stated).

Eligibility

To qualify for a bounty, you must:

  1. Adhere to the guidelines of this policy.
  2. Report a vulnerability that is previously unknown to us.
  3. Avoid violating the terms of service of app.givzey.com or version2ai.com or of any third-party services.

Rules of Engagement

By participating in our bug bounty program, you agree to the following rules:

  1. Authorized Testing: Only test the systems explicitly stated as "in scope." Do not attempt to compromise or disrupt any services outside the scope, including our root domain or third-party systems.
  2. No DDoS Attacks: You may not perform Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks.
  3. Legal Compliance: Your testing must comply with all applicable local and international laws.
  4. Responsible Disclosure: You must privately disclose vulnerabilities to us. Do not publicly share or exploit any vulnerabilities you discover. Failure to follow responsible disclosure guidelines will result in disqualification from receiving a bounty.
  5. No Data Theft: Do not access, download, or modify any data beyond what is necessary to demonstrate a vulnerability. Exfiltration of sensitive or personal data is strictly prohibited.
  6. Impact Testing: Limit your tests to avoid disruption of services. If you identify a vulnerability that allows for elevated privileges or other significant issues, stop testing and report it immediately.
  7. Duplicate Reports: Only the first person to report a unique vulnerability will be eligible for a reward.
  8. Respect Our Users: Do not intentionally harm users, invade their privacy, or disrupt their experience.
  9. No Social Engineering: Do not engage in social engineering attacks (e.g., phishing) against our employees, contractors, or users.

Exclusions

The following types of vulnerabilities are out of scope for this bug bounty program:

  • Issues that require social engineering.
  • Issues related to rate limiting or brute force attacks.
  • Vulnerabilities that require physical access to the user's device.
  • Previously known vulnerabilities or those that have been publicly disclosed.
  • Bugs in third-party applications or services that are not under app.givzey.com's or version2ai.com's control.

Report Submission

To submit a vulnerability:

  1. Provide a clear and concise description of the vulnerability, including steps to reproduce it.
  2. Include any supporting documentation, such as screenshots or code snippets.
  3. Send your report to security@givzey.com. Do not disclose the vulnerability publicly.

We will review your submission, verify the issue, and determine the severity based on the potential impact on our users and infrastructure.


Bounty Rewards

The decision to pay a bounty is entirely at our discretion. If your submission is eligible for a reward, we will contact you via the method used for submission to arrange payment (PayPal, bank transfer, etc.).


Legal Considerations

By participating in this program, you acknowledge that:

  1. You will not bring legal action against Givzey for testing within the scope of this bug bounty.
  2. Givzey will not pursue legal action against you for participating in the bug bounty program, provided that you follow the rules outlined here.
  3. You are responsible for your own legal compliance. If your local laws prohibit you from participating in this bug bounty program, do not participate.

Program Termination

We reserve the right to terminate this bug bounty program or change its terms at any time. Any changes will be communicated to participants via our official communication channels.