To protect both Bold and security researchers, we ask you to comply with the following policies:
Bold reserves the right to cancel this program at any time and the decision to pay a bounty is entirely at our discretion. Your testing and submission must not violate any law, or disrupt or compromise any data that is not your own. There may be additional restrictions on your ability to submit content or receive a bounty depending on your local laws.
Bold considers activities conducted consistent with this program to constitute “authorized” conduct under the Computer Fraud and Abuse Act. If legal action is initiated by a third party against you and you have fully complied with this program, Bold will take steps to make it known, either to the public or to the court, that your actions were conducted in compliance with the Bold policy.
Upon Bold’s request, you will execute, acknowledge and deliver such further instruments, and will otherwise cooperate and do all other acts as may be necessary or appropriate in order to perfect or carry out the purpose and intent of these terms.
Participating in Bold’s Bug Bounty Program requires that you follow our guidelines. Adhere to the following guidelines to be eligible for rewards as part of this program:
The following services and domains are considered in scope: all of Bold’s solution admin consoles and all of Bold’s APIs
Generally speaking, any bug that poses a significant vulnerability to our merchants could be eligible for reward. It’s entirely at Bold’s discretion to decide whether a bug is significant enough to be eligible for reward. Security issues that typically would be eligible include:
Things that aren’t eligible for reward include: