Please contact us right away if you have found any security weaknesses on Vivisha.com.
All valid reports will be taken seriously and we will work to fix any verified issues as soon as possible.

Prior to submitting your report you need to read through the following guidelines which include our main principles together with bounty program requirements and non-qualifying issues.

SECTION 1 – CORE PRINCIPLES

Vivisha will not pursue legal action or an investigation against you if you submit vulnerability reports according to the guidelines below.

We ask that you:

  1. Allow Reasonable Time
    • Give us enough time to investigate the issue and fix it before you share the report with the public.
  2. Respect User Privacy
    • You must not touch or retrieve any personal data from other users’ accounts unless they give you their consent.
  3. Act in Good Faith
    • Do not cause privacy violations, service interruptions, data destruction or disruption to others.
  4. Do Not Exploit the Vulnerability
    • Do not use or demonstrate the bug to access sensitive data or escalate risk.
  5. Follow Applicable Laws
    • You should not perform any actions that go against any laws or regulations.

SECTION 2 – BOUNTY PROGRAM

Vivisha appreciates the efforts of ethical curiosity researchers. We compensate monetary rewards to security researchers for reporting valid and relevant vulnerability disclosures. Rewards are paid in our sole discretion based on severity, potential risk, and other factors.

To qualify for a bounty, you must:

  1. Comply With Our Core Principles
    • Outlined in Section 1.
  2. Report a Valid Security Bug
    • The issue must pose a real security or privacy risk to our systems or users (Note: not all bugs qualify).
  3. Submit Your Report via Our Security Center
    • Do not reach out to individual employees directly.
  4. Report Responsibly
    • If you accidentally access data or cause service disruption, report immediately without attempting to explore further.

SECTION 3 – NON-ELIGIBLE SUBMISSIONS

The following types of issues do not qualify for bounties and should not be submitted:

• Spam, social engineering, or phishing reports not related to our infrastructure
• Missing SPF/DMARC records
• Clickjacking on non-sensitive pages
• Rate-limiting or brute-force issues without clear impact
• Denial-of-Service (DoS) attacks
• Vulnerabilities requiring root or jailbroken devices
• Reports involving outdated browsers or extensions

HOW TO SUBMIT A REPORT

When reporting a vulnerability you should follow these steps:

📧 Email us: Contact@vivisha.com

When reporting a vulnerability please provide as much detail as you can including:

• Reproduction steps

• Potential impact

• Any relevant screenshots or code snippets

📱 Phone: [Phone]
Email: Contact@vivisha.com