At Whitelabel, we believe in fostering a collaborative and ethical approach to improving security. As part of our commitment to protecting our users, data, and systems, we invite security researchers to responsibly disclose vulnerabilities through our Bug Bounty Programme.
We value the contributions of the security community and are dedicated to building trust and transparency. Your efforts help make our systems safer for everyone.
Programme Scope
Our Bug Bounty Programme focuses on identifying and addressing vulnerabilities in the following areas:
In-Scope Examples:
- Web Applications: Primary domains (e.g., app.whitelabel.ai) and critical subdomains.
- API Endpoints: REST and GraphQL APIs directly associated with our products.
- Security Vulnerabilities:
  - Authentication bypasses
  - Privilege escalation
  - Data leaks (e.g., PII exposure)
  - Critical misconfigurations or logic flaws
  - Common issues like XSS, SQLi, CSRF, and RCE
- Infrastructure: Systems and configurations directly managed by Whitelabel.
Out-of-Scope Examples:
- Third-Party Systems: Issues in services not owned or managed by us.
- Low-Impact Bugs: Cosmetic issues, UI/UX inconsistencies, or text errors.
- Denial of Service (DoS): Any testing that disrupts user access or system availability.
- Social Engineering or Physical Testing: Attempts targeting employees or facilities.
- Test Environments: Staging systems explicitly labelled for development use only.
Guidelines for Responsible Disclosure
We kindly ask all participants to adhere to the following principles to ensure a constructive and ethical approach: