Algrano Bug Bounty Program

Security is a team effort — and we welcome the help of researchers, ethical hackers, and security enthusiasts to keep Algrano safe.

If you’ve found a vulnerability or security issue, we want to hear from you. Our Bug Bounty Program ensures your report is handled consistently, rewarded fairly, and resolved quickly while protecting our systems and data.

How to Participate

1

Register to participate

Before starting, please email us at security@algrano.com to register for the program and request access to the sandbox/demo environment if needed. This helps us coordinate and verify participation.

Reports from unregistered participants may be ineligible for rewards.

2

Find a vulnerability

Focus your testing on the sandbox/demo environment we provide.

(Production systems, third-party services, social engineering — i.e., phishing, smishing, etc. — and non-approved test environments are out of scope.)

3

Report it responsibly

Email us at security@algrano.com with:

  • Vulnerability description
  • Steps to reproduce
  • Impact assessment (CVSS v3.1 vector, if possible)
  • Proof-of-concept (if available)

(all vulnerability details are confidential until fixed - you should not publicly disclose any information without prior written approval)

4

Wait for our acknowledgment

We’ll confirm receipt within 5 business days.

5

We review and assess

  • Severity is evaluated using CVSS v3.1
  • We’ll share our assessment, reward tier, and request payment details (if applicable).
6

Receive your reward

If eligible, your bounty will be paid after confirmation.

Rewards

Severity

CVSS v3.1 
Score Range

Typical Reward

Examples

Critical

9.0 – 10.0

$500+

Remote code execution, full authentication bypass, production DB access

High

7.0 – 8.9

$300

Sensitive non-public data, major privilege escalation

Medium

4.0 – 6.9

$200

Limited non-public data, low-level access control bypass

Low

0.1 – 3.9

Acknowledgment only

Minor misconfigurations, non-sensitive leaks

Our commitment to researchers

We treat good-faith security research as authorized.

We will always communicate respectfully and professionally.

We won’t share your report or details without your consent.

We will acknowledge valid reports and give credit if you wish.

💡 Thank you for helping us keep Algrano secure for everyone!