Updated December 10, 2024
Responsible Disclosure Policy
Security is a top priority for Pipe and we believe that working with skilled security researchers can identify weaknesses in any technology. To recognize their efforts and the important role they play in keeping Pipe and our users safe for everyone we offer a bounty for reporting certain qualifying security vulnerabilities. Please review the rules of engagement as well as how to participate in our private bug bounty program with HackerOne.
If you believe you’ve discovered a potential vulnerability or are interested in working with us to find potential vulnerabilities, please read the Responsible Disclosure policy below. By submitting vulnerability reports you agree that you’ve read, understood, and will follow our Responsible Disclosure Policy.
Rules of Engagement
Be careful with sensitive information. If sensitive information such as personal information or user credentials are uncovered as part of your research, stop and report it to us immediately. Do not save, store, copy, or otherwise retain sensitive information, and work with us on any additional requests we may have.
Test responsibly. Only interact with and test bugs against accounts you own. Reach out to us if you need help with testing cross-account issues. Perform testing only on in-scope systems, and respect systems and activities which are out-of-scope. Keep the details of any discovered vulnerabilities confidential until they are authorized for release by the Pipe security team.
Do not cause harm. Do not engage in activities that disrupt, damage, or otherwise cause harm to or defraud Pipe, our users, our employees, or our brand — including denial of service attacks, social engineering, phishing, spam, social media scams, fraudulent transactions, or physical attacks.
Violation of any of our Rules of Engagement may result in (but is not limited to) ineligibility for a bounty and/or permanent disqualification from receiving a bounty for future vulnerability reports.
Vulnerability Reporting
If you discover a vulnerability, please email the details of your findings along with replication steps to security@pipe.com
Contact us