Bug Bounty Program Policy

Last updated: November 26, 2024

1. Introduction

At Minut, we are committed to ensuring the security and privacy of our devices and services. We believe in the power of collaboration with the security research community to identify and address potential vulnerabilities. Our Bug Bounty Program is designed to reward security researchers for their efforts in discovering and responsibly reporting security issues.

2. Scope

This program covers all our devices, mobile and web applications, and cloud services unless explicitly excluded below.

Specifically, the scope includes:

  • M3 (Gen 3) Sensor
  • M2 (Gen 2, formerly Point 2) Sensor
  • Minut app on iOS and Android
  • Minut web app
  • Minut API
  • Minut web store

The following devices are excluded:

  • M1 (Gen 1, formerly Point) Sensor

3. Eligibility

To participate in our Bug Bounty Program, you must:

  • Be at least 18 years old
  • Must not currently be, nor have ever been, an employee or contractor of Minut, Inc. or its subsidiaries, nor collaborate with anyone who currently is or has been.
  • Not reside in a country subject to U.S. or EU sanctions
  • Agree to our bug bounty program policy (this document)

4. Submission Process

To submit a vulnerability report:

  1. Identify a security issue within our scope
  2. Document the issue clearly, including steps to reproduce
  3. Reach out to vulnreports@minut.com to coordinate a secure delivery of your report.
  4. Do not disclose the issue publicly until we've had a chance to address it. This normally means 90 days from when a detailed, reproducible report has been delivered to Minut, although exceptions may be made on a case-by-case basis.

5. Reward Structure

Rewards are based on the severity and impact of the reported issue. We reserve the right to decide the size of the reward (if any). Our general reward structure is as follows:

Severity Reward Range
Critical $5,000 - $10,000
High $2,000 - $4,999
Medium $500 - $1,999
Low $100 - $499

6. Legal Safe Harbor

We will not pursue legal action against researchers who:

  • Comply with this policy
  • Make a good-faith effort to avoid privacy violations, data destruction, and service interruption
  • Do not exploit vulnerabilities beyond the minimum necessary to demonstrate the issue

7. Out of Scope

The following are not eligible for rewards:

  • Denial of Service attacks
  • Social engineering attacks
  • Physical attacks on our offices or data centers
  • Vulnerabilities in third-party applications or websites

8. Response Timeline

We aim to respond to all submissions within 5 business days. Our typical timeline for addressing issues is:

  • Initial response: Within 5 business days
  • Triage and assessment: Within 10 business days
  • Fix implementation: Varies based on complexity
  • Reward issuance: Within 30 days of fix verification

9. Contact

For questions about this program, please get in touch with our security team at vulnreports@minut.com.

10. Updates to This Policy

We reserve the right to update this policy at any time. Any changes will be posted on this page with an updated revision date.

Características
Para anfitriões e proprietáriosPara gerentes de propriedadesPara proprietários de hotéisMonitoramento de ruído internoMonitoramento de ruído externoDetecção de fumaça de cigarroMonitoramento de ocupaçãoTemperatura, umidadeAlarme domésticoAssistência de guardaAssistência de chamadaAPI
Companhia
Sobre MinutImprensa e mídiaCarreiras
Recursos
PreçosBlogParceirosWebinars e demonstraçõesHistórias de sucessoPara convidadosIntegraçõesCalculadora de economiaIndique um amigoPrograma de afiliadosPolítica de devolução e reembolsoDocumentação para desenvolvedoresConfiguraçãoEspecificações técnicas do produto
LegalTermos de serviçoPolítica de privacidadeTermos de assinaturaDeclaração de ConformidadeDeclaração de acessibilidadeCódigo aberto na Minut
Contato e suporte
Centro de ajudaPERGUNTAS FREQUENTEShello@minut.comEntre em contato com vendasAgende uma demonstração
Idioma
facebookinstagramtwitterlinkedinyoutube
google play storeapple appstore