Bug Bounty Program

About

We take security very seriously. Thank you for taking the time to responsibly disclose any issues you find.

FilePreviews builds and maintains a suite of solutions for the document management industry. Since we handle files and user data, security and privacy are our top priorities.

With this in mind, we remain committed to working with security researchers and alongside the security community, and will maintain the trust, respect, and transparency that align with our commitment to security and privacy.

Targets

In scope:

Target name                   Type
https://api.filepreviews.io   API / Website

Other domains or subdomains not listed above, as well as third-party services, are not in scope and will not qualify for a bounty.

Out of scope:

To qualify for a bounty you must:

Reports must include the following:

The following finding types are specifically excluded from the bounty

Rules

Safe Harbor

When conducting vulnerability research according to this policy, we consider this research to be:

If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please submit a report through this program, or inquire via https://filepreviews.io/help before going any further.

Submitting a report

All security bugs must be reported via email: security[at]filepreviews.io. These are delivered to a subset of the team who handle security issues. Your report will be acknowledged within 24 hours, and you'll receive a more detailed response to your report within 48 hours indicating the next steps in handling your report.

After the initial reply to your report, the security team will endeavor to keep you informed of the progress being made towards a fix and full announcement. These updates will be sent at least every five days. In reality, this is more likely to be every 24-48 hours.

If you have not received a reply to your report within 48 hours, or have not heard from the security team for the past five days, there are a few steps you can take:

  1. Contact our security team via email: security[at]filepreviews.io.
  2. Contact the current security coordinator directly: José Padilla (jpadilla[at]filepreviews.io).
  3. Send a direct message on Twitter to https://twitter.com/filepreviews.

If you have any suggestions to improve this policy, please send a message via https://filepreviews.io/help.

Rewards

For the initial prioritization and rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability's priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher, along with the opportunity to appeal and make a case for a higher priority.

Hall of Fame