About the Program
Admybrand has initiated bug bounty program to acknowledge and improve our website & products
and to address potential security threats with help of developers and security enthusiasts
of the ecosystem, for which individuals can receive recognition and compensation
for reporting bugs, especially those pertaining to exploits and vulnerabilities. Admybrand
invites independent security groups and individual researchers to study our websites
and products across all platforms and help us make it even safer and better for
If you believe that you have found a security vulnerability on Admybrand (or on another
member of the Admybrand companies), we encourage you to let us know straight away.
We will investigate all legitimate reports and do our best to quickly fix the problem.
Before reporting though, please review this page, including our responsible disclosure
policy, reward guidelines and things that should not be reported. If you still feel
that the problem you want to report is genuine, we appreciate your cooperation in
responsibly investigating and reporting it to us so that we can address it as soon
as possible. For Security related bugs/vulnerabilities, we offer reward and recognitions
as mentioned below.
Though we welcome reporting of non-security issues and product improvement related suggestions
at [email protected], please note that only genuine security issues are eligible
for rewards and not all suggestions for improvement of product can be implemented
from our side.
Responsible disclosure policy
If you comply with the policies below when reporting a security issue to Admybrand, we
will not initiate a lawsuit or law enforcement investigation against you in response
to your report. We ask that:
You give us reasonable time to investigate and mitigate an issue that you report before
making any information about the report public or sharing such information with others.
You do not interact with an individual account (which includes modifying or accessing
data from the account) if the account owner has not consented to such actions.
You make a good faith effort to avoid privacy violations and disruptions to others, including
(but not limited to) unauthorised access to or destruction of data, and interruption
or degradation of our services.
You do not exploit a security issue that you discover for any reason. (This includes
demonstrating additional risk, such as attempted compromise of sensitive company
data or probing for additional issues.)
You do not intentionally violate any other applicable laws or regulations, including
(but not limited to) laws and regulations prohibiting the unauthorised access to
For the purposes of this policy, you are not authorised to access user data or company
data, including (but not limited to) personally identifiable information and data
relating to an identified or identifiable natural person.
Bug bounty Terms
Adhere to our responsible disclosure policy (see above).
Report a security bug: identify a vulnerability in our services or infrastructure which
creates a security or privacy risk.
Your report must describe a problem involving one of the products or services listed
under "Bug bounty scope"
We specifically exclude certain types of potential security issues; these are listed
under "Ineligible reports and false positives"
Submit your report via our "Report a security vulnerability" form (one issue per report)
and respond to the report with any updates. Please do not contact employees directly
or through other channels about a report.
If you inadvertently cause a privacy violation or disruption (such as accessing account
data, service configurations or other confidential information) while investigating
an issue, you must disclose this in your report.
Use test accounts when investigating issues. If you cannot reproduce an issue with a
test account, you can use a real account (except for automated testing). Do not interact
with other accounts without consent.
In turn, we will follow these guidelines when evaluating reports under our bug bounty
We investigate and respond to all valid reports. Due to the volume of reports that we
receive, however, we prioritise evaluations based on risk and other factors, and
it may take some time before you receive a reply.
We determine bounty amounts based on a variety of factors, including (but not limited
to) impact, ease of exploitation and quality of the report. If we pay a bounty, the
minimum reward is INR 500. Note that extremely low-risk issues may not qualify for
a bounty at all.
We aim to pay similar amounts for similar issues, but bounty amounts and qualifying issues
may change over time. Past rewards do not necessarily guarantee similar results in
In the event of duplicate reports, we award a bounty to the first person to submit an
issue. A given bounty is only paid to one individual. You may donate a bounty to
a recognised charity and we double bounty amounts that are donated in this way.
We reserve the right to publish reports (and accompanying updates).
We publish a list of researchers who have submitted valid security reports. You must
receive a bounty to be eligible to be included in this list, but your participation
is then optional. We reserve the right to limit or modify the information accompanying
your name in the list.
Bug bounty Scope
8hoarding / ad8hoarding.com
Admybrand apps on Playstore like 8chat, Listen etc.
Admybrand products hosted on subdomains of admybrand like calci, adify, ARP etc.
Acquired companies of Admybrand like Zeedback.com