Bug Bounty Program

Help Upscope secure our system


At Upscope, the security of our users’ data is a priority. We build our software and infrastructure with this goal in mind. That’s why we decided to welcome help from the outside through our bounty program to put our security to the test!

To take advantage of it, you’ll need to follow a few guidelines:

  • Be a good citizen: Do not disturb the service. Follow the ToS. Avoid automated testing.
  • Only test with your data. Do not interact with other accounts.
  • If you gain access to our system, report it immediately.
  • Do not publish any information regarding the vulnerability until we fixed it.
  • We only award one bounty per vulnerability. If we receive multiple reports, the first one will receive the reward.
  • Please note that we are not interested in reports about rate limits (including outgoing email rate limit). If your account hits our rate limits more than once, you will be banned and we will not consider any other submission you make. Please read the scope or our bug bounty program carefully before you create an account.


What we’re looking for

We’re looking for any security exploit. But we’ll be extra generous with:

  • Tampering with data of other users. Please note only proving an account exists isn’t enough.
  • Bypassing our security systems: if you’re able to go beyond your quota of agents per month, bypass user’s permissions, avoid authentication, or access someone else’s account or their data.
  • Cross-site scripting (XSS).
  • Server-side code execution.

Examples of Non-Qualifying exploits

  • DOS attacks.
  • Mixed-content scripts.
  • Social engineering.
  • Failures to adhere to “best practices” (for example, common HTTP headers, link expiration, email-validation or password policy).


Our reward system is flexible and doesn’t have any strict upper or lower limit. This means particularly creative or severe bugs will be rewarded accordingly. The amount will exclusively depend on the severity of the vulnerability.

Please keep in mind this bounty program doesn’t concern regular bugs in our application, but only security flaws allowing intruders to gain access to data of other users. If you wish to report a regular bug, contact team@upscope.com.

Rewards will be sent using Paypal once the vulnerability has been fixed. These services collect a fee for processing the transaction, which gets deducted from the amount awarded.

Please be aware that due to international regulations we are unfortunately unable to work with individuals or entities in Cuba, Iran, North Korea, Syria, and the Crimean region of Ukraine.


Please email us at team@upscope.com if you found a security bug. In your message, include the steps to reproduce the breach. We’ll quickly get back to you and keep you updated as we fix the issue reported. Once the patch is online, we’ll pay your bounty.

If you have any question regarding the program, please contact us!