Plenty Of Fish
External Program
Submit bugs directly to this organization
Plenty Of Fish
External Program
Submit bugs directly to this organization
Security is a priority at Plenty of Fish. If you believe you've found a security bug in our in-scope applications or infrastructure, we are happy to work with you to resolve the issue promptly and ensure you are fairly rewarded for your discovery.
Your participation in our Bug Bounty Program is voluntary and by invitation-only. By joining our Bug Bounty Program, submitting a report or otherwise disclosing a vulnerability to us (“Submission”), you are indicating that you have read and agree to follow the rules set forth on this page (“Program Terms”).
If (i) you do not meet the eligibility requirements below; (ii) you breach any of these Program Terms or any other agreements you have with Plenty of Fish or its affiliates; or (iii) we determine that your participation in our Bug Bounty Program could adversely impact us, our affiliates or any of our users, employees or agents, we, in our sole and absolute discretion, may remove you from our Bug Bounty Program and disqualify you from receiving any benefit of our Bug Bounty Program.
If you have questions about the Plenty of Fish service or are trying to get help with your own Plenty of Fish (POF) account, please read our FAQ for assistance.
#Confidentiality Any information you receive, collect or otherwise obtain about us, our services, our affiliates or any of our users, employees or agents in connection with our Bug Bounty Program (whether after or before you joined the Bug Bounty Program, notably as a result of you finding and/or investigating a security bug in our in-scope applications or infrastructure) (“Confidential Information”) must be kept confidential, only used in connection with the Bug Bounty Program and not disclosed to any third party. You may not use, disclose or distribute any such Confidential Information, including without limitation any information regarding your participation in our Bug Bounty Program and any Submission.
By joining our Bug Bounty Program, you represent and warrant that you have not used and will not use Confidential Information for any purpose other than in connection with the Bug Bounty Program and that you have not shared and will not share such Confidential Information with any third party.
Once a Submission is made, Plenty of Fish reserves the right to request from you, and you already accept to abide by this request, to securely and irreversibly delete any data related to such Submission, including, without limitation, any data about us, our services, our affiliates or any of our users, employees or agents. Additionally, you agree to securely and irreversibly delete any data related to the Submission immediately upon it no longer being reasonably necessary to retain for the purposes of conveying the impact or scope of the reported issue, after verifying with Plenty of Fish that it is no longer necessary, and/or if the Submission is closed, regardless of outcome.
#Eligibility to Participate# To participate in our Bug Bounty Program, you must: • Be at least 18 years of age if you test using a Plenty of Fish account, and otherwise be the age of majority in your jurisdiction of residence or have the consent of your parent or guardian to participate in our Bug Bounty Program. In any event, you must be over the age of 13. • Not be a resident of, or make a Submission to our Bug Bounty Program from, a country against which the United States has issued export sanctions or other trade restrictions. • Not be in violation of any national, state, or local law or regulation with respect to any activities directly or indirectly related to our Bug Bounty Program. • Not be employed by Plenty of Fish or any of its affiliates or an immediate family member of a person employed by Plenty of Fish or any of its affiliates.
You are responsible for any tax implications of a reward from our Bug Bounty Program depending on your country of residency and citizenship.
#Program Ground Rules# • Don’t mass create accounts to perform testing against our applications and services. • Don’t conduct automated testing - under no circumstance is automated testing allowed and will result in disqualification of the security bug(s). • Don’t engage in social engineering (e.g. phishing, vishing, smishing). • Don’t attempt to extort us. • Don’t leave any system in a more vulnerable state than you found it. • Don’t publicly disclose vulnerabilities. • Do respect our users’ privacy. • Do research vulnerabilities and disclose vulnerabilities to us in good faith. • Do be respectful when interacting with our team.
#Bounty Eligibility# Plenty of Fish reserves the right to decide if the minimum severity threshold is met and whether it was previously reported.
To qualify for a reward under this program, you must:
#Scope
#Program Updates and Licenses# We may modify the Program Terms or cancel our Bug Bounty Program at any time in our sole and absolute discretion.
As a condition of participation in the our Bug Bounty Program, you hereby grant Plenty of Fish (POF) and its affiliates a perpetual, irrevocable, worldwide, royalty-free, transferrable, sublicensable and exclusive license to use, reproduce, adapt, modify, publish, distribute, publicly perform, create derivative work from, make, use, sell, offer for sale and import the Submission, as well as any materials submitted to Plenty of Fish in connection therewith, for any purpose. You should not send us any Submission that you do not wish to license to us. You hereby represent and warrant that the Submission is original to you and you own all right, title and interest in and to the Submission.
#Thanks We believe in recognizing the work of others. If your work helps us improve the security of our service, we'd be happy to acknowledge your contribution in our Hall of Fame.
Thank you for helping keep Plenty Of Fish and our users safe!