BublikArtGallery values your privacy, and it is our goal to maintain the security of our platform. This page describes some steps that we are taking to address potential security issues and to help protect BublikArtGallery, our users, and their data. For more information about how we may collect, store, and use data from our users, please see our Privacy Policy.
Reporting Issues
If you encounter or identify any security issues with BublikArtGallery or any of our websites, mobile applications, or services, please submit the issue via the bounty submission form. Someone from our team will be in touch as soon as possible.
BublikArtGallery Bug Bounty Program
We welcome security researchers who practice responsible disclosure and comply with our policies. Programs by Google, Facebook, Mozilla, and others have helped to create a strong bug-hunting community. The BublikArtGallery bug bounty program gives a tip of the hat to these researchers and rewards them for their efforts. To be eligible for a reward under our bug bounty program, you must comply with the terms outlined below.
Basic Rules
In addition to complying with our Terms of Use and any other applicable terms and conditions, you must also follow these basic rules when participating in our bug bounty program:
• Do not access (or attempt to access) any user’s account or non-public data.
• Do not affect or harm other users (or their access to or use of our services).
• Do not perform any attack that could harm the reliability or integrity of our services or data. For example, DDoS/spam attacks are strictly prohibited.
• Do not publicly disclose a vulnerability before we have resolved it.
• Do not perform (or attempt) non-technical attacks, including spam, social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
What kinds of reports do not qualify?
The following is a non-exhaustive list of reports that do not qualify for a reward under our bug bounty program:
• Issues related to software or protocols not under our control, such as domains or applications that resemble BublikArtGallery, or use one of our APIs, but are not managed by BublikArtGallery.
• Issues with functionality that is in development, experimental, or released in a “beta” stage. This includes our staging and review applications.
• Disclosure of public information or information that in our opinion does not present a significant risk.
• Disclosure of client identifiers and keys intended as a convenience for open-source contributors.
• Disclosure of credentials by other parties unaffiliated with BublikArtGallery.
• Bugs, such as XSS, that only affect legacy browser/plugin versions, bugs that require exceedingly unlikely user activity or interaction, or timing attacks that prove, for example, the existence of a user.
• Cookies shared between different *.BublikArtGallery.com domains.
• Bugs that have already been reported to us (i.e. first-come, first-served), or bugs that we are otherwise already aware of.
• Issues related to partners.BublikArtGallery.com.
• Scripting or other automation and brute-forcing of intended functionality (all of which is strictly prohibited).
Rewards
We may issue monetary rewards for reported issues that we decide to fix, with higher rewards for distinctly creative or severe security issues. Issues that we determine to be an insignificant or accepted risk will not be eligible for a reward. The reward amount will be based on the severity of the issue and range from $25 to $500.
Please note that only reports submitted through the bounty submission form will be eligible for a reward under our bug bounty program.
Checking the Status of Reports or Rewards
We are a small and very busy Engineering Team, and we receive a lot of emails. Please do not send us multiple or repetitious emails asking the same questions about submitted reports or the status of potential bounty payments. This will not accelerate the process and may result in a slower response due to the extra burden on our inbox. We appreciate your patience.
Also, please be aware that repeat submission of issues on the unqualified list may result in you not receiving a response.
A Few Legal Terms
Our bug bounty program is not a contest or competition. It is an experimental and discretionary rewards program. We may modify the terms of this program or terminate this program at any time without notice. All decisions as to the amount and type of rewards that may be issued, the method of payment (for monetary rewards), and whether or not any reported issue constitutes a significant risk or is eligible for a reward, will be determined at BublikArtGallery’s complete discretion in each case. We only issue rewards to individuals and may require a completed and signed U.S. form W-9 or W-8BEN as applicable. We typically issue monetary rewards by PayPal and require your full name and appropriate contact information. You are responsible for any tax implications of any reward you receive and must comply with all tax laws applicable to any rewards that we may issue you. We cannot issue rewards to individuals who are on sanctions lists, or who are located in countries (e.g., Cuba, Iran, North Korea, Sudan, or Syria) that are on sanctions lists. You must comply with all applicable local, state, national, and international laws, rules, and regulations in connection with your participation in this program. Your participation in this program must not disrupt or compromise any data that does not belong to you.