Algrano Bug Bounty Program
Desde la búsqueda de nuevos clientes hasta la entrega del café, Algrano es tu aliado confiable en materia de café.
If you’ve found a vulnerability or security issue, we want to hear from you. Our Bug Bounty Program ensures your report is handled consistently, rewarded fairly, and resolved quickly while protecting our systems and data.

Comienza hoy
con Algrano
Regístrate gratis
Los usuarios registrados pueden vender en Algrano a sus clientes actuales.security@algrano.com to register for the program and request access to the sandbox/demo environment if needed. This helps us coordinate and verify participation.
Reports from unregistered participants may be ineligible for rewards.
Find a vulnerability
Focus your testing on the sandbox/demo environment we provide.
(Production systems, third-party services, social engineering — i.e., phishing, smishing, etc. — and non-approved test environments are out of scope.)
Report it responsibly
Email us at security@algrano.com with:
- Vulnerability description
- Steps to reproduce
- Impact assessment (CVSS v3.1 vector, if possible)
- Proof-of-concept (if available)
(all vulnerability details are confidential until fixed - you should not publicly disclose any information without prior written approval)
Wait for our acknowledgment
We’ll confirm receipt within 5 business days.
We review and assess
- Severity is evaluated using CVSS v3.1
- We’ll share our assessment, reward tier, and request payment details (if applicable).
Receive your reward
If eligible, your bounty will be paid after confirmation.
Rewards
Severity
CVSS v3.1 Score Range
Typical Reward
Examples
Critical
9.0 – 10.0
$500+
Remote code execution, full authentication bypass, production DB access
High
7.0 – 8.9
$300
Sensitive non-public data, major privilege escalation
Medium
4.0 – 6.9
$200
Limited non-public data, low-level access control bypass
Low
0.1 – 3.9
Acknowledgment only
Minor misconfigurations, non-sensitive leaks

Our commitment to researchers
We treat good-faith security research as authorized.
We will always communicate respectfully and professionally.
We won’t share your report or details without your consent.
We will acknowledge valid reports and give credit if you wish.
💡 Thank you for helping us keep Algrano secure for everyone!