Algrano Bug Bounty Program

From finding new customers to delivering the coffee, Algrano is your transparent partner in the market.

If you’ve found a vulnerability or security issue, we want to hear from you. Our Bug Bounty Program ensures your report is handled consistently, rewarded fairly, and resolved quickly while protecting our systems and data.

How to Participate

1

Register for free

Registered users can sell on Algrano to their current roaster portfolio and offer better customer service.

Email security@algrano.com to register for the program and request access to the sandbox/demo environment if needed. This helps us coordinate and verify participation.

Reports from unregistered participants may be ineligible for rewards.

2

Find a vulnerability

Focus your testing on the sandbox/demo environment we provide.

(Production systems, third-party services, social engineering — i.e., phishing, smishing, etc. — and non-approved test environments are out of scope.)

3

Report it responsibly

Email us at security@algrano.com with:

  • Vulnerability description
  • Steps to reproduce
  • Impact assessment (CVSS v3.1 vector, if possible)
  • Proof-of-concept (if available)

(All vulnerability details are confidential until fixed. You should not publicly disclose any information without prior written approval.)

4

Wait for our acknowledgment

We’ll confirm receipt within 5 business days.

5

We review and assess

  • Severity is evaluated using CVSS v3.1
  • We’ll share our assessment, reward tier, and request payment details (if applicable).

6

Receive your reward

If eligible, your bounty will be paid after confirmation.

Rewards

| Severity | CVSS v3.1 Score Range | Typical Reward | Examples |
|----------|-----------------------|----------------|----------|
| Critical | 9.0 – 10.0 | $500+ | Remote code execution, full authentication bypass, production DB access |
| High | 7.0 – 8.9 | $300 | Sensitive non-public data, major privilege escalation |
| Medium | 4.0 – 6.9 | $200 | Limited non-public data, low-level access control bypass |
| Low | 0.1 – 3.9 | Acknowledgment only | Minor misconfigurations, non-sensitive leaks |

Our commitment to researchers

We treat good-faith security research as authorized.

We will always communicate respectfully and professionally.

We won’t share your report or details without your consent.

We will acknowledge valid reports and give credit if you wish.

💡 Thank you for helping us keep Algrano secure for everyone!