CoinJar

As part of our ongoing effort to keep your money safe and information secure, we run a bug bounty program. If you discover a security related issue in our software, we'd like to work with you to fix it and reward you for your assistance.

###Rewards We will award an amount in bitcoin on a case by case basis depending on the severity of the issue. Please note that we only award one bounty per bug.

###Responsible disclosure To be eligible for the bug bounty, you:

• Must inform us before posting the exploit anywhere, and allow us sufficient time to patch the issue.

• Can not exploit, steal money or information from CoinJar or its customers. If the exploit requires account access, you must use your own.

• Must not defraud CoinJar or any of its customers.

If you are in doubt about anything, please email us with any questions at [email protected]. Provided the above rules are followed, and you operate in good faith, we will not bring legal action against you.

###Eligible bounties Any software issue that results in the loss/compromise of data or money for CoinJar or any of its customers. The most common examples are:

• Cross site scripting

• Cross site request forgery

• Remote code execution

• Click jacking

• Code injection

• Leaks of sensitive data

###Ineligible bounties We can not reward bounties for things that are outside of our direct control, such as:

• Social engineering

• Physical access to hardware

• Vulnerabilities in 3rd party software (Ruby, nginx, etc)

• Denial of Service

• Usability issues

###How to report If you have an issue to report, please send an email to [email protected]. In your email, include as much detail about the exploit as possible and a Bitcoin address to send the reward to. Our Security Team will get back to you within three days.