Security

Maroo Bounty Program

Protecting our community's privacy and security is among our highest priorities. Help us track down vulnerabilities and get paid a bounty.
Avoid harm or risk to Maroo, our users, or third parties
Don't disclose your findings without our agreement
Report through a legitimate channel
MacBook mockup

Hello security researchers 👋

We invite you to investigate vulnerabilities in Maroo as long as your research follows this responsible research and disclosure policy.

What you need to do

• Avoid harm or risk to Maroo, our users, or third parties
• Don't disclose your findings without our agreement
• Report through a legitimate channel

What you can't do

• No privacy violations
• No deletion or damage of resources
• No lasting harm
• Nothing that degrades our service
• No creation or sharing of inappropriate content
• No targeting our staff, investors or physical environment

How we will respond

If you follow these guidelines, we commit to:

• Not pursuing or supporting legal action related to your research
• Working with you to understand issues, and resolve them if Maroo considers it necessary
• Taking steps to make it known that your actions were conducted in compliance with these guidelines if a third party initiates legal action against you in connection with activities in our program's scope

Rewards

As part of encouraging security researchers to put our security to test, we offer a variety of rewards for doing so if:

• The reported vulnerability is verifiable
• It hasn't been reported already
• You conducted your activities in a manner consistent with our guidelines

Rewards are provided at Maroo sole discretion based on severity of the bug and quality of the report.