Details

Responsible Disclosure & Bug Bounty Program - Meesho

At Meesho Technologies Private Limited (including its affiliates) ("Meesho"), security is fundamental to maintaining the trust of our customers, partners, and sellers. We welcome responsible security research and encourage researchers to report potential vulnerabilities in our systems.

Public Bug Bounty Program (HackerOne)

Meesho operates a public Bug Bounty Program hosted on HackerOne. All vulnerability submissions, in-scope and out-of-scope assets, eligibility criteria, reward structure, severity ratings, testing guidelines, and program rules are governed exclusively by our HackerOne program page.

https://hackerone.com/meesho_bbp?type=team

The HackerOne program page defines all in-scope assets, exclusions, and applicable testing requirements.

Reports must be submitted via HackerOne to be eligible for bounty or recognition.

Safe Harbor

If you make a good-faith effort to comply with the rules and test only within the defined scope on our HackerOne program page, Meesho will consider your research authorized and will not initiate legal action related to your research. Researchers must avoid privacy violations, service disruption, or data destruction and must not exploit vulnerabilities beyond what is necessary to demonstrate impact.

Coordinated Vulnerability Disclosure (Non-Bounty)

If you are unable to submit via HackerOne, you may contact us at [email protected]. Please note that only submissions made through HackerOne are eligible for bounty or Hall of Fame recognition.

Recognition

Valid vulnerability reports submitted through HackerOne may be eligible for monetary rewards (based on severity), listing on our Security Hall of Fame, and Meesho swag (at our discretion).

Meesho may update this page from time to time. For the most current scope and policy details, please refer exclusively to our HackerOne program page.