To join the program you should read this whole page, and only proceed if you are OK with everything.
If you disclose your findings responsibly, we will not bring any lawsuit against you or launch any investigation into you. The most important rules of responsible disclosure are:
* Never ever try to access somebody else’s account or infographics, please always use your own account(s) for testing!
* Don’t test for DoS issues, launch social engineering attacks, or spam us or our users!
* If you find something, please provide us enough information to reconstruct the attack and give us enough time to respond to your report before you make it public!
What is the bounty?
Please be aware that although we will be very grateful for your submissions, at the moment we cannot give you cash rewards.
While researching, we'd like to ask you to refrain from:
* Denial of service
* Social engineering (including phishing) of Infogram staff or contractors
* Any physical attempts against Infogram property or data centers
I found something, how do I send you a report?
Just drop a mail to firstname.lastname@example.org with enough information for us to reconstruct the attack. We’ll reach out to you once we have processed your mail. In case you have found multiple vulnerabilities, please send them in separate emails to help us keep track of them.
Other legal notices
* General warning: please try not to be destructive, use automated tools with care.
* Please don’t make your findings public until we explicitly allow you to do so. We will try to do our best to be really quick. But after the fix is out and making the details public doesn't compromise our users safety, we absolutely encourage you to write a blog post (or create an infographic!) about how you demonstrated that our system sucked!
* The program is not open for individuals on sanctions lists or individuals in countries on sanctions lists.
* You are responsible for any tax implications or additional restrictions depending on your country and local law.
* We reserve the right to cancel this program at any time and the decision to pay a reward is entirely at our discretion.
* You must not violate any law. You also must not disrupt any service, or compromise anyone’s data.
Thank you for helping keep Infogram and our users safe!
Hall of Fame