Welcome to Our Bug Bounty Program

Introduction

At Park+, we prioritize the security and privacy of our users. To ensure our systems and applications are as secure as possible, we invite security researchers and ethical hackers to participate in our Bug Bounty Program. Your expertise helps us identify and fix vulnerabilities, making our platform safer for everyone.

Scope

We encourage you to look for vulnerabilities in the following areas:

• Website: www.parkplus.io
• Mobile Applications:
  • Park+ Android app
  • Park+ iOS app
• Any other publicly accessible endpoint owned by Park+

Out of Scope

The following are generally considered out of scope:

• Denial of Service attacks (DoS/DDoS)
• Social Engineering
• Physical attacks against our infrastructure
• Issues found in third-party services or websites that are not under Park+ control

Rules

To ensure the safety of our users and the integrity of our systems, please follow these guidelines:

• Do No Harm: Your testing should not negatively impact our users or infrastructure.
• Responsible Disclosure: Report vulnerabilities to us directly and avoid publicly disclosing any details until we've resolved the issue.
• Legal Compliance: Ensure that your actions are compliant with all applicable laws.
• Scope Adherence: Focus on the areas outlined in the scope section and avoid out-of-scope testing.

Rewards

We determine the severity based on the potential impact and exploitability of the vulnerability. Rewards are given at our discretion.

Responsible Disclosure Guidelines

• Report Immediately: If you discover a vulnerability, report it immediately to bugbounty@myparkplus.com
• Avoid Privacy Violations: Do not access or modify data without permission.
• Provide Detailed Reports: Include details such as steps to reproduce, potential impact, and suggested fixes.
• Maintain Confidentiality: Do not share details of the vulnerability with others until we have addressed the issue.

How to Participate

To participate in our Bug Bounty Program:

1. Review the scope and rules of our program.
2. Conduct your testing within the defined scope.
3. Submit your findings at bugbounty@myparkplus.com
4. Wait for our tech team to review and respond to your submission.

We value your contributions and look forward to working with the security community to improve our platform. Thank you for helping us maintain a safe and secure environment for our users.

Contact Us

For any questions or further information, please contact us at bugbounty@myparkplus.com