Disclosure Policy
Purpose
This policy outlines the process for reporting security vulnerabilities related to BikesBay.Cloud. We value the efforts of security researchers in keeping our platform safe and secure.
Contact Information
If you identify a security vulnerability, please contact us at:
- Email: [email protected]
We will acknowledge receipt of your report within 48 hours.
Scope
This policy applies to all services and platforms managed by BikesBay, including:
- The website: bikesbay.cloud
- The web application and its integrated API: https://app.bikesbay.cloud
- BikesBay mobile applications (iOS and Android).
Expectations from Researchers
We ask researchers to:
- Avoid exploiting vulnerabilities in a malicious manner.
- Respect the confidentiality of user data. This includes avoiding the collection, deletion, or alteration of data.
- Avoid testing that may disrupt our services. For example, denial-of-service (DoS) attacks are not allowed.
- Contact us directly before publicly disclosing any vulnerability.
We commit to treating your reports with respect and addressing them promptly.
Our Commitments
We promise to:
- Acknowledge receipt of your report within 48 hours.
- Assess and fix the issue in a timely manner.
- Notify you once the vulnerability has been resolved.
- Publicly credit you for your contribution, if desired.
Rewards
At this time, we do not offer a formal Bug Bounty program. However, we greatly appreciate your contributions and may publicly acknowledge your efforts.
Report Handling Process
Below is the process we follow when handling vulnerability reports:
- Submission: Submit your findings via email to [email protected].
- Acknowledgment: We will confirm receipt of your report within 48 hours.
- Analysis: We will evaluate the nature and severity of the vulnerability.
- Resolution: Verified issues will be fixed as quickly as possible.
- Notification: You will be notified of the resolution status and any relevant updates.
Public Disclosure Guidelines
We request that you refrain from publicly disclosing the vulnerability until it has been resolved. After resolution, we are happy to discuss public disclosure in collaboration with you.
Examples of Vulnerabilities
We welcome reports on issues such as:
- SQL Injection: Vulnerabilities that allow attackers to execute arbitrary SQL queries on the database.
- Cross-Site Scripting (XSS): Issues that enable malicious scripts to be executed in a user's browser.
- Authentication or Authorization Flaws: Problems that allow unauthorized access to user accounts or sensitive data.
- Data Leakage: Exposure of sensitive or confidential information due to improper configurations.
- API Security Issues: Vulnerabilities in API endpoints that may lead to data breaches or unauthorized actions.
If you have any questions about this policy, feel free to contact us at [email protected]. We sincerely appreciate your assistance in improving the security of BikesBay.