
Trint Ltd
Trint is developed using the principle of Security and Privacy By Design. Information security is a top priority as a matter of company strategy and is supported at the highest levels of management. Our security practices have been aligned with ISO 27001:2013, and we completed the certification this year.
Even so, new attack vectors and vulnerabilities are developed and found every day, and the public and the security research community play a significant role in identifying these. If you think you have discovered a security vulnerability, follow the program guidelines, and we will happily work with you to solve the issue and ensure you are compensated for your discovery. Please read the Rewards section for more information about compensation.
This page is intended for security researchers who would like to learn about our bug bounty program and disclosures. For general information about security at Trint, please see the data security section on our website.
In case you are looking to submit non-security related issues, please contact us here instead.
We will make an effort to meet the following response targets for hackers participating in our program:
We’ll try to keep you informed about our progress throughout the process.
We aspire to be as transparent about our security as possible. Therefore we will aim to publicly disclose the vulnerabilities once they are confirmed as valid and have been resolved. We might extend the timeframe of public disclosure of a resolved report if we still have similar vulnerabilities to be resolved. We kindly ask you to not disclose them to the public or a third party without our consent, in compliance with the process described in the HackerOne Vulnerability Disclosure Guidelines.
Trint offers individual, team and enterprise accounts, though the latter two cannot currently be signed up for without assistance from Trint Support. We are particularly interested in vulnerabilities that would permit a user unauthorized access to another user's data or enable users to access platform capabilities that should not be available to individual user accounts.
At all times, act responsibly and in the best interests of Trint and our customers. We strongly discourage a malicious approach; make a good-faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.
Whenever possible, create user accounts with the following email format: [email protected]. We may purge accounts if we notice that they are performing suspicious activities on our services.
So that we can reply as quickly as possible, please be clear in your description of the issue and include detailed steps to reproduce it, along with logs, tracing, network requests and screenshots whenever relevant. We also expect you to include an assessment of the exploitability and the potential impact of the issue.
While researching, we ask you to refrain from:
Make sure you see what's in and out of scope before conducting your research. We may, from time to time, add new domains as part of ongoing product development. These should be considered out of scope until notified otherwise. We appreciate any notification of uncovered domains that you might discover.
One last thing that is obvious but that we would like to state anyway: do not violate the law while doing your research.
This is a points-based programme; as such, we will not reward security researchers monetarily at the moment. Instead, we will award security researchers with reputation points, based on HackerOne guidelines, upon triage and validation of the vulnerability reported. Please note that we will only award security researchers with reputation points for issues that have not been reported already.
If you follow these guidelines, your activities will be considered authorised conduct and therefore we will not pursue or support any legal action related to your research.
Thank you for helping us keep Trint and our customers safe!