Introduction

At Dodo Payments, we take security seriously and appreciate responsible disclosure of vulnerabilities that help us improve our platform. If you discover a security vulnerability, we encourage you to report it to us following the guidelines below.

Reporting Security Vulnerabilities

If you identify a security vulnerability in our platform, please contact us at pt-team@dodopayments.com with the following details:
  • Description: A clear and concise explanation of the vulnerability.
  • Steps to Reproduce: Detailed steps to replicate the issue.
  • Impact: The potential risk or harm that could arise from the vulnerability.
  • Suggested Mitigations: (If available) Any recommendations on how to fix the issue.

How We Handle Reports

  1. Acknowledgment: Our team will confirm receipt of your report within a reasonable timeframe.
  2. Assessment: We will review the report and prioritize it based on severity and impact.
  3. Resolution Timeline: If the issue is already known and logged internally, we will provide an update on its expected resolution.
  4. Follow-up: We may reach out for additional information or clarification as needed.

No Monetary Rewards (Bug Bounty Program)

Currently, Dodo Payments does not have an official bug bounty program. While we deeply appreciate security researchers’ efforts, we do not offer monetary rewards for vulnerability disclosures. This ensures fairness for all individuals who have reported similar issues in the past.

Recognition & Appreciation

We highly value the contributions of ethical security researchers. While we do not offer financial compensation, we would be happy to send Dodo Payments goodies/merch as a token of appreciation for valid security reports. If you are interested, please let us know after your report has been reviewed.

Responsible Disclosure

To ensure a responsible and ethical reporting process, please adhere to the following:
  • Do not publicly disclose vulnerabilities until our team has had a reasonable time to address them.
  • Do not exploit the vulnerability beyond what is necessary to demonstrate the issue.
  • Do not access, modify, or delete data that does not belong to you.
  • Do not perform any activity that could disrupt our services.

Contact Us

If you have any security concerns or need further assistance, please reach out to us at pt-team@dodopayments.com.