UniOne values your privacy, and it is our goal to maintain the security of our platform. This page describes some steps that we are taking to address potential security issues and to help protect UniOne, our users, and their data. For more information about how we may collect, store, and use data from our users, please see our Privacy Policy.
We take security incidents very seriously. If you’ve found an exploit or any potential security breach please let us know. Send an email to bounty@unione.io with as much information as possible. Someone from our team will be in touch as soon as possible.
We welcome security researchers that practice responsible disclosure and comply with our policies. The UniOne bug bounty program gives a tip of the hat to these researchers and rewards them for their efforts. To be eligible for a reward under our bug bounty program, you must comply with the terms outlined below.
In addition to complying with our Terms of Use and any other applicable terms and conditions, you must also follow these basic rules when participating in our bug bounty program:
The following is a non-exhaustive list of reports that do not qualify for a reward under our bug bounty program:
Note that even though we are happy to receive information about not following best-practices, such issues are not vulnerabilities, unless they affect confidentiality, integrity and/or availability. Similarly, such issues will not result in monetary rewards.
We may issue monetary rewards for reported issues that we decide to fix, with higher rewards for distinctly creative or severe security issues. Issues that we determine to be an insignificant or accepted risk will not be eligible for a reward. The reward amount will be based on the severity of the issue and range from $25 to $500.
Please note that only reports submitted to bounty@unione.io will be eligible for a reward under our bug bounty program.
We are a small and very busy Development Team, and we receive a lot of emails. Please do not send us multiple or repetitious emails asking the same questions about submitted reports or the status of potential bounty payments. This will not accelerate the process and may result in a slower response due to the extra burden on our inbox. We appreciate your patience.
Also, please be aware that repeat submission of issues on the unqualified list may result in you not receiving a response.
Our bug bounty program is not a contest or competition. It is an experimental and discretionary rewards program. We may modify the terms of this program or terminate this program at any time without notice. All decisions as to the amount and type of rewards that may be issued, the method of payment (for monetary rewards), and whether or not any reported issue constitutes a significant risk or is eligible for a reward, will be determined at UniOne’s complete discretion in each case. We typically issue monetary rewards by Paypal and require your full name and appropriate contact information. You are responsible for any tax implications of any reward you receive and must comply with all tax laws applicable to any rewards that we may issue you. We cannot issue rewards to individuals who are on sanctions lists, or who are located in countries (e.g. Russia, Cuba, Iran, North Korea, Sudan, or Syria) that are on sanctions lists. You must comply with all applicable local, state, national, and international laws, rules, and regulations in connection with your participation in this program. Your participation in this program must not disrupt or compromise any data that does not belong to you.