At Deeto Inc., we prioritize the security of our systems and the privacy of our users. We appreciate the security community’s contributions to our security posture and offer rewards for vulnerabilities responsibly disclosed to us.
To be eligible for a reward under this policy, you must:
• Be the first person to report the vulnerability.
• Follow the guidelines outlined in our Vulnerability Disclosure Policy.
• Report a security issue that we have not previously identified or mitigated.
• Not be a current employee or contractor of Deeto Inc. or an immediate family member of any such individual.
The following assets are in scope for the Bug Bounty Program:
• app.deeto.ai
• Our mobile app (future)
• api.deeto.ai
• Development and staging environments
• Third-party services we use (Zoom, AWS, etc.)
• DNS and server configurations (DMARC, access restrictions, etc.)
• The marketing website (www, support, etc.)
We offer monetary rewards for the discovery of valid and previously unreported vulnerabilities. The reward amount is determined based on the severity of the vulnerability and the potential impact on our users. The reward ranges are as follows:
• Low severity: $50
• Medium severity: $100
• High severity: $200
• Critical severity: $250
To ensure responsible disclosure and eligibility for a bounty, please adhere to the following guidelines:
• Do not exploit the vulnerability beyond what is necessary to demonstrate it.
• Do not engage in any activity that could cause harm or disruption to our services.
• Do not access, modify, or delete data that does not belong to you.
• Allow us a reasonable time frame to address the vulnerability before publicly disclosing it.
• To avoid bug-bounty hunters, we will exclude anyone who reports a bug that does not exist from any future rewards.
The bug bounty program is "black-box" (neither gray-box nor white-box): no sandbox access or documentation will be given.
1. Submit your report via bug-bounty-program@deeto.ai with the subject line “Bug Bounty Submission”.
2. Include a detailed description of the vulnerability, steps to reproduce, and potential impact.
3. Provide any supporting evidence, such as screenshots or proof-of-concept code.
Upon receiving your report, we will:
1. Acknowledge receipt of your submission within 7 business days.
2. Evaluate the report and assess its validity and severity.
3. Provide updates on the status of the vulnerability and our remediation efforts.
4. Issue the appropriate reward once the vulnerability has been validated and fixed.
We consider your research to be authorized if you comply with this policy and our Vulnerability Disclosure Policy. We will not pursue legal action against you for your research conducted in good faith.
We may update this policy from time to time. Changes will be communicated on our website or via email to active participants.
For any questions regarding the Bug Bounty Program, please contact us at support@deeto.ai.