← Back to Legal Documents

Bug Bounty

301.Pro Bug Bounty

301.Pro is provided by:
Oval Software, LLC
318 MCMICKEN ST
RAWLINS, WY 82301
Owner contact email: [email protected]
Security Reports email: [email protected]

Bug Bounty Program

Thank you for your interest in helping us keep 301.Pro secure! We're a small software company building an enterprise link management platform, and we truly appreciate the security research community. Responsible disclosure of vulnerabilities helps us protect our users and improve our services.

As a small team, we've launched this modest bug bounty program to encourage ethical, good-faith security testing. We value your time and expertise, and we're happy to reward valid reports.

Testing In Scope

  • Marketing site: https://www.301.pro
  • Staging/mirror environment (required for testing):
    https://app.301.dev
    https://api.301.dev
  • Production environment (testing strictly prohibited):
    https://app.301.pro
    https://api.301.pro
    Our user agreement explicitly forbids any form of unauthorized testing or ethical hacking on production systems.

Reward Tiers

We offer bounties for valid, previously unknown issues reported in good faith. Rewards are paid at our discretion based on severity, impact, and report quality via PayPal, Venmo, or Square Cash App.

  • $500 – Critical issues
    Severe vulnerabilities with proven high impact on confidentiality, integrity, or availability.
  • $250 – Security vulnerabilities
    Potential to access or manipulate another user's data (e.g., API abuse, XSS, CSRF).
  • $100 – Application bugs
    Functionality not working as intended, UI glitches, or incorrect non-security behavior.
  • $25 – Minor issues
    Malformed URLs, broken links, 404 errors, or small usability fixes.

Rules of Engagement – Please Be Kind!

We're a small team, so we kindly ask everyone to follow these guidelines to keep things safe and friendly:

  • Test responsibly – no denial-of-service attacks, brute-force attempts, spam, or actions that could degrade service or affect others.
  • Respect privacy – never access, exfiltrate, or disclose real user data, even if possible.
  • No high-volume automated scanning – light scanning is fine, but please keep it gentle on our dev environment.
  • Stop if unsure – if you find something sensitive, pause and report immediately rather than probing further.
  • Be nice – constructive and polite reports are greatly appreciated!

Violations may disqualify you from rewards or lead to account restrictions.

How to Report

  • Send reports to: [email protected]
  • Include a clear description, steps to reproduce (screenshots or video are very helpful), the environment tested, and potential impact.
  • We'll acknowledge receipt within 5 business days, validate the issue, and coordinate payment quickly once resolved.

Thank you again for helping make 301.Pro better and safer. We could not do this without responsible researchers like you!

— The 301.Pro Team