While KIWI.KI strives to provide a highly secure and privacy-sparing service, we understand that no technology is perfect. We believe that working with security researchers is absolutely crucial in identifying and solving weaknesses with our system. If you believe you've found a security issue in one of our products or services, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
To show our appreciation of responsible security researchers, KIWI.KI offers a monetary bounty for reports of qualifying security vulnerabilities. Reward amounts will vary based upon the severity of the reported vulnerability, and eligibility is at our sole discretion. Current or former employees of KIWI.KI and their families are excluded from the bounty program.
Security researchers may elect to donate their bounty to a non-profit organization of their choice. In this case, the bounty amount will be doubled.
Unless otherwise requested, we will post the information of researchers who have submitted valid reports on our website.
Currently, our focus is on the customer-facing products and services that KIWI.KI provides. Security and privacy are prioritized equally.
A word to scope: The scope as outlined below is what we have set a bounty on, as they are the most safety- and privacy-critical. Our main website, analytics suites, web-attached CRM systems, or other ancillary services are not covered by our bounty (but we appreciate the help!)
While researching, we'd like to ask you to refrain from:
Thank you for helping keep KIWI.KI and our users safe!
This program have been found on Hackerone on 2016-02-24.