Notion Labs, Inc. Bug Bounty Program
Program Highlights
This program maintains a top response efficiency above 90%.
Response Targets:
- Time to first response (from report submit): 3 business days
- Time to triage (from report submit): 10 business days
- Time to resolution (from report submit): Varies depending on severity
Rewards
Rewards are based on severity per CVSS (Common Vulnerability Scoring System). These are general guidelines, and reward decisions are at the discretion of Notion Labs, Inc.
| Severity | Reward Range | Average Bounty |
|---|---|---|
| Low | $50–$100 | $90 |
| Medium | $100–$250 | $231 |
| High | $500–$2,000 | $1,818 |
| Critical | $2,000–$5,000 | $4,500 |
In-Scope Assets and Bounty Ranges:
- GitHub repositories or other public artifacts owned by makenotion: $50–$2,000
- Public API: $100–$5,000
- Notion Authentication: $100–$5,000
- calendar.notion.so: $100–$5,000
- mail.notion.so: $100–$5,000
- Product API: $100–$5,000
- Privilege Escalation: $100–$5,000
- Notion AI: $100–$5,000
- Notion Integrations: $100–$5,000
- Notion Desktop App: $75–$3,000
- Notion Frontend: $75–$2,500
- notion.id: $50–$2,000
Program Rules
- Provide detailed reports with reproducible steps. Reports that are not detailed enough to reproduce will not be eligible for a reward.
- Submit one vulnerability per report, unless vulnerabilities need to be chained to provide impact.
- When duplicates occur, only the first report received (provided it can be fully reproduced) will be awarded.
- Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
- Social engineering (phishing, vishing, smishing) is prohibited.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of the service. Only interact with accounts you own or with explicit permission of the account holder.
- Reports covering more than one in-scope asset will be paid out once at the highest paying in-scope asset category.
Scope Exclusions
Core Ineligible Findings
- JavaScript execution on file.notion.so and notion-static.com is expected. To be considered in scope, demonstrate how it harms users on in-scope assets.
- Bypasses of lock features on page and database views
- Obtaining access to a paid feature of a higher level plan
- Notion leverages frontier models like OpenAI and Anthropic. Engineered prompts to evoke inappropriate responses from the AI are out of scope and should be submitted to model vendors. System prompt disclosures without demonstrated further impact on users are out of scope.
- In-App Contact form is out of scope
Out of Scope Vulnerabilities
The following issues are not considered in scope:
- Vulnerabilities in third-party services, unless specific mitigations from Notion are required
- Social engineering or phishing of Notion employees or contractors
- Attacks against Notion's physical property or data centers
- Attacks against Notion's users
- Use of automated scanning tools
- Lack of rate limiting on any resources
- Password policy issues, including lack of upper limit on passwords
- HTTP 404 or other error codes and pages
- Banner or version disclosure
- Presence of common public files (robots.txt, .well-known directory)
- Self-XSS issues
- Spamming
- Clickjacking on pages with no sensitive actions
- Clickjacking issues without an exploit showing account takeover or disclosure of sensitive resources
- Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions
- Attacks requiring MITM or physical access to a user's device
- Previously known vulnerable libraries without a working Proof of Concept
- CSV injection without demonstrating a vulnerability
- Missing best practices in SSL/TLS configuration
- Content spoofing and text injection without an attack vector or ability to modify HTML/CSS
- Denial of Service (DoS) or activity that could disrupt service
- Rate limiting or brute force issues on non-authentication endpoints
- Missing best practices in Content Security Policy
- Missing HttpOnly or Secure flags on cookies
- Missing security headers that don't directly lead to vulnerability or account compromise
- Vulnerabilities only affecting users of outdated or unpatched browsers (less than 2 stable versions behind the latest)
- Software version disclosure, banner identification, or descriptive error messages
- Public zero-day vulnerabilities with official patches less than 1 month old (awarded case-by-case)
- Tabnabbing
- Open redirect without additional security impact
- Notion hosting malware, spam, or phishing websites
- Issues requiring unlikely user interaction
- Revealing identity information on published *.notion.site pages
- Expected behaviors as described in Notion Documentation
- For Notion's AI, engineered prompts are out of scope. Obfuscated or invisible characters altering AI responses are in scope if security impact is demonstrated. Prompt injection reports must demonstrate security impact (e.g., data leaked outside workspace).
- Testing on accounts containing production data or accounts not controlled by the testing party. Accounts must be created specifically for the engagement.
Disclosure Policy
- Do not discuss any vulnerabilities (even resolved ones) outside the program without express consent from the organization.
- Follow HackerOne's disclosure guidelines.
Test Plan
The application is self-sign up through Notion.so. Mobile apps are available through Apple and Android stores. Use your HackerOne username and email as the account for testing.
Safe Harbor
Any activities conducted in compliance with this policy will be considered authorized conduct, and we will not initiate legal action against you. If legal action is initiated by a third party in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.