Responsible Disclosure

Please visit our privacy policy, trust center and privacy center for related details.

Last Updated: March 19th, 2024

How to Report an Issue

If you've discovered a security vulnerability, please send an email to security@juicebox.work with the following information:

  • A summary of the vulnerability and its potential impact.

  • Detailed steps to reproduce the issue, including screenshots.

  • Your environment details, such as operating system, browser, and device.

  • If possible, include proof-of-concept code that demonstrates the exploit.

We will investigate the issue. We will keep you informed of our progress and may reach out for further details if necessary.

Rewards

We value the efforts of those who contribute to the security of our services by reporting vulnerabilities.

While not all reports will qualify for financial compensation, we offer rewards based on the severity and impact of the vulnerability. Recognizable contributions may, in certain cases, qualify for financial compensation.

Critical vulnerabilities that are severe, have a CVSS score of 4 or higher, and have not been previously identified by our team, are most likely to qualify.

In Scope

  • juicebox.ai

  • chat.juicebox.work

Out of Scope

  • Automated scanning tools

  • Social engineering attacks

  • Brute force attacks

  • DDoS attacks

  • Clickjacking on pages without sensitive actions

  • Theoretical vulnerabilities without demonstrable exploitability

  • Attacks requiring physical access to a device

  • Denial of service attacks

We ask you to

  • Test vulnerabilities only on your own account. If testing involves another account, ensure you have explicit permission.

  • Avoid copying, modifying, or destroying production data.

  • Refrain from activities that cause downtime or degradation of our services.

  • Adhere to our privacy policies, terms of service, and applicable data privacy regulations.

  • Do not disclose the vulnerability publicly until it has been reported to us and adequately resolved, allowing us reasonable time to address the issue.
