Responsible Disclosure

The integrity and safety of our customers' data is top priority for us. We go to great lengths providing a safe environment, but we are not as naïve to think our systems are bullet proof. There may be instances, where security flaws exist in our systems.

General elegibility

  • The security bug must be original and previously unreported.
  • You should use your best effort not to access, modify, delete, or store User Data
  • Lack of clickjacking protection (XFO, CSP) is insufficient to claim a bounty
  • No other sites or subdomains than those listed in the table below is eligible for a bounty
  • We kindly ask of you not to remind us or ask about the status of a disclosure previously reported. It is not going to speed things up.


Bug classification
  Remote Code Execution $30
  Unauthorised Data Access $30
  Authentication Bypass $30
  Database Injection $30
  Domain Takeovers $20
  Vulnerabilities with encryption $20
  Other HoF


  • Social engineering attacks (phishing)
  • Spam and flaws related to DKIM, SPF or DMARC
  • Denial-of-service attacks
  • Rate limiting issues

We will investigate all reports and keep you in the loop. As a small company we cannot provide much of a Bug Bounty, altough we will mention you on our HoF-page. When you're disclosing an issue, please include your name, Type of bug, a Proof of Concept and the Domain. We encourage you, if you've discovered a vulnerability in our systems to help us improve:

Kaddio Responsible Disclosure
Oct 8, 2021

Kaddio Security Researcher Hall of Fame

Date Researcher
2021, Nov Akash Rajendra Patil
2021, Nov Yash Chavhan
2021, Sept Arjun E
2021, July Anjan Neema
2021, July Kartik Khurana
2020, October Mohd Asif Khan
2019, June Tarun Mahour -Abhaychandra Chede
2019, January Sameer Phad
2018, August Vipul Zilpelwar
2018, July Ismail Tasdelen
2018, July k.karthickumar - Cisco Systems Chennai
2018, June Maulik Vaidh, @Maulik1827
2018, May Jineesh Ak använder inga kakor och vi spårar dig inte.