Security
How VibeBounty protects reports, evidence, and payout workflows.
VibeBounty is a security marketplace, so platform controls focus on access boundaries, abuse prevention, evidence handling, and payment integrity.
Platform controls
Role-based access
Developers, hackers, and admins have separate application paths and authorization checks around private data.
Private evidence storage
Sensitive report artifacts are stored separately from public product assets and are fetched through trusted server paths.
Anti-abuse gates
Disposable email checks, reputation credits, telemetry scoring, duplicate checks, and canary verification reduce spam and low-quality submissions.
Payment separation
Stripe handles subscriptions, connected accounts, checkout, and payout movement. VibeBounty stores references needed to reconcile state.
Admin review
Admins can review suspicious accounts, disputed reports, and platform abuse while preserving the report audit trail.
Worker isolation
Automated reproduction jobs are queued and processed by a dedicated Cloudflare Worker rather than blocking the app request path.
Reporting a VibeBounty platform issue
- 1Use a minimal proofDemonstrate the issue with your own account or a harmless test case. Do not access unrelated reports or payment data.
- 2Send the details privatelyUse the contact form or email security@vibebounty.com with affected URL, steps, impact, and evidence.
- 3Wait for confirmationWe will acknowledge valid platform security reports and coordinate disclosure timing after remediation.
Do not test other developers' programs through this security contact path. Program-specific findings should be submitted through the relevant program page.