At Flamingo, we take the security of our platform and data seriously. To enhance our security measures and protect our users, we invite skilled security researchers to help us identify potential vulnerabilities through our Bug Bounty Program.
We value the efforts of the security community and offer rewards to those who responsibly disclose vulnerabilities in our systems. By participating in this program, you contribute to maintaining the trust and safety of our users, clients, and platform.

Program Scope

We are interested in vulnerabilities that could affect the confidentiality, integrity, or availability of our platform and user data. The types of vulnerabilities we are particularly keen on addressing include, but are not limited to:

• Authentication and Authorization Flaws
• Cross-Site Scripting (XSS)
• SQL Injection
• Server-Side Request Forgery (SSRF)
• Privilege Escalation

Out-of-scope issues include:

• Denial of Service (DoS)
• Issues relating to outdated browsers
• Vulnerabilities in third-party services or platforms that we use

Reporting Guidelines

• Please provide detailed reports with the necessary steps to reproduce the vulnerability.
• We encourage good faith research and expect all findings to be submitted responsibly, without impacting the privacy, safety, or data of our users.
• Do not publicly disclose vulnerabilities until they have been addressed and you have received confirmation from us.

Rewards

Our Bug Bounty Program offers rewards based on the severity and impact of the reported vulnerability. All rewards are determined at our discretion.

We leverage the our internal ticketing system to manage our Bug Bounty Program. You can submit your findings through our program by emailing Support@getflamingo.com