If you believe you have found a security vulnerability or exploit on EpikChat, we encourage you to let us know right away.
We investigate all legitimate reports and do our best to quickly fix the problem. Reports can be sent to support@epikchat.com.
Responsible Disclosure Policy
If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you.
To show appreciation for our security researchers, we may offer the ability to test new features before their release and to earn unique badges for your account. Monetary bounties are not available at this time due to the nonprofit nature of our services.
We are interested in reports for the following types of bugs:
- WebSocket exploitation
- Cross-Site Scripting (XSS)
- Circumvention of Platform, Privacy, or Permission models
- Remote Code Execution
- Privilege Escalation
- Chat data handling
- Broadcast streaming/viewing MITM attack vectors
We encourage you to use a test account instead of your personal account when investigating bugs. Tell us the account name used for testing so we can identify your reports more easily and avoid mistaking your research for unsanctioned or malicious activity.
If you are unable to reproduce a bug with a test account, you may use a real account, except for automated testing. Do not interact with other accounts without the consent of their owners.