If you discover a security vulnerability on funoras.com, please notify us immediately. We appreciate responsible disclosure and review all legitimate reports promptly to protect our users and platform.

Guidelines for Reporting

To ensure your report is handled safely and responsibly, please follow these rules:

  • Allow us reasonable time to investigate and fix the issue before disclosing it publicly
  • Do not access or modify private accounts or data without explicit permission
  • Avoid actions that could violate privacy, disrupt services, or damage data
  • Do not exploit the vulnerability for personal gain
  • Comply with all applicable laws and regulations

Bounty Program

We value the work of security researchers and may offer rewards for valid vulnerability reports. Bounties are awarded at our sole discretion based on severity, impact, and report quality.

To be eligible:

  • Follow all reporting guidelines above
  • Report a genuine and reproducible security vulnerability
  • Submit your report through our official contact channel
  • Clearly disclose any accidental access to sensitive data

Rewards

Severity

Reward

Examples

Critical

$200

Remote code execution, full account access, SQL injection exposing data

High

$100

Authentication bypass, sensitive data exposure, stored XSS

Medium

$50

Business logic flaws, insecure object references

Low

Recognition Only

Open redirects, reflected XSS, low-impact data exposure

Notes:

  • Only the first valid report of a vulnerability is eligible for a reward
  • Multiple issues caused by the same root vulnerability are treated as one report
  • Rewards depend on exploitability, real-world impact, and clarity of the report

Contact Information

Trade Name: Funoras
Address: 1420 East 3rd Street, Dayton, Ohio 45403, United States
Phone: +1 440 340 0334
Email: contact@funoras.com