Bug Bounty Program Policy

Last updated: February 5, 2025

1. Introduction

At Minut, we are committed to ensuring the security and privacy of our devices and services. We believe in the power of collaboration with the security research community to identify and address potential vulnerabilities. Our Bug Bounty Program is designed to reward security researchers for their efforts in discovering and responsibly reporting security issues.

2. Scope

This program covers all our devices, mobile and web applications, and cloud services unless explicitly excluded below.

Specifically, the scope includes:

  • M3 (Gen 3) Sensor
  • M2 (Gen 2, formerly Point 2) Sensor
  • Minut app on iOS and Android
  • Minut web app
  • Minut API
  • Minut web store

The following devices are excluded:

  • M1 (Gen 1, formerly Point) Sensor

3. Eligibility

To participate in our Bug Bounty Program, you must:

  • Be at least 18 years old
  • Not currently be, nor ever have been, an employee or contractor of Minut, Inc. or its subsidiaries, nor collaborate with anyone who currently is or has been
  • Not reside in a country subject to U.S. or EU sanctions
  • Agree to our bug bounty program policy (this document)

4. Submission Process

To submit a vulnerability report:

  1. Identify a security issue within our scope
  2. Document the issue clearly, including steps to reproduce
  3. Reach out to vulnreports@minut.com to coordinate a secure delivery of your report.
  4. Do not disclose the issue publicly until we've had a chance to address it. This normally means 90 days from when a detailed, reproducible report has been delivered to Minut, although exceptions may be made on a case-by-case basis.

Submit your report only to the address above, not to any other support or employee addresses. Failure to comply will result in your email address being banned and your report disregarded.

5. Reward Structure

Rewards are based on the severity and impact of the reported issue. We reserve the right to decide the size of the reward (if any). Our general reward structure is as follows:

  Severity   Reward Range
  Critical   $5,000 - $10,000
  High       $2,000 - $4,999
  Medium     $500 - $1,999
  Low        $100 - $499

You’ll need to submit an invoice to receive the payment. The invoice has to meet all legal requirements for Minut’s accounting purposes. We accept payment via PayPal or bank transfer.

We do not currently support payment via Western Union, cryptocurrency or other alternative payment mechanisms.

You’re responsible for paying applicable taxes in your jurisdiction. The total amount paid should match the reward determined by Minut.

Please note that the bug bounty program is voluntary. While we strive to respond quickly and pay fair rewards, Minut is not obligated to follow specific timelines or to pay you anything. Threatening us because we don’t share your view of the report will get you banned from the program.

6. Legal Safe Harbor

We will not pursue legal action against researchers who:

  • Comply with this policy
  • Make a good-faith effort to avoid privacy violations, data destruction, and service interruption
  • Do not exploit vulnerabilities beyond the minimum necessary to demonstrate the issue

7. Out of Scope

The following are not eligible for rewards:

  • Denial of Service attacks
  • Social engineering attacks
  • Physical attacks on our offices or data centers
  • Vulnerabilities in third-party applications, devices, operating systems or websites
  • Attacks on the Minut apps through an infected device
  • Automated vulnerability scanner reports. If there’s a real bug, you must provide steps to reproduce and/or a proof of concept. Any automated reports submitted will be closed without being triaged.
  • Reports of user credentials found in an online database of compromised username/password pairs, unless the compromise was due to a Minut system vulnerability.
  • User enumeration possible via response codes in sign-up endpoints
  • API information and Firmware URLs being publicly available

8. Response Timeline

We aim to respond to all submissions within 5 business days. Our typical timeline for addressing issues is:

  • Initial response: Within 5 business days
  • Triage and assessment: Within 10 business days
  • Fix implementation: Varies based on complexity
  • Reward issuance: Within 30 days of fix verification

Please don’t send automated, scheduled or repeated requests for updates after receiving confirmation that we have received the report.

9. Contact

For questions about this program, please get in touch with our security team at vulnreports@minut.com.

10. Updates to This Policy

We reserve the right to update this policy at any time. Any changes will be posted on this page with an updated revision date.