Security Disclosure

If you’ve found a security vulnerability on Jakoda.com, we encourage you to contact us immediately. We’ll review all legitimate reports and work quickly to resolve them. Before reporting, please review this document including our principles, bounty program, reward guidelines, and what’s out of scope.

Fundamentals

If you follow the guidelines below when reporting a security issue to Jakoda.com, we will not pursue legal action against you.

  • Give us reasonable time to review and fix the issue before disclosing it publicly.
  • Do not interact with private accounts without explicit permission.
  • Avoid privacy violations and service disruptions during your research.
  • Do not exploit any discovered issue beyond what is necessary to demonstrate the risk.
  • Do not violate any applicable laws or regulations.

Bounty Program

We appreciate and reward researchers who help keep Jakoda secure. Bounties are awarded at our discretion based on risk, impact, and other factors. To qualify, you must:

  • Follow our guidelines above.
  • Report a real vulnerability in our services or infrastructure.
  • Submit your report through our security center (do not contact staff directly).
  • If you cause an accidental issue while testing, include it in your report.
  • We review all valid reports, though response time may vary based on severity and volume.
  • We reserve the right to publish reports.

Rewards

Rewards are based on severity, exploitability, and report quality. Below are maximum bounty amounts by severity level:

Critical Severity ($200)

Includes privilege escalation, remote code execution, or account takeover.

  • Remote Code Execution
  • Command Injection
  • Authentication Bypass (Admin Level)
  • SQL Injection with data leakage
  • Full account access

High Severity ($100)

Affects platform security or its core processes.

  • Lateral Authentication Bypass
  • Sensitive Information Disclosure
  • Stored XSS
  • Local File Inclusion
  • Insecure Cookie Handling

Medium Severity ($50)

Affects multiple users, little or no interaction needed.

  • Logic flaws or business process issues
  • Insecure object references

Low Severity

Typically needs user interaction or specific conditions.

  • Open Redirects
  • Reflected XSS
  • Low-sensitivity Information Leaks

Thanks for shopping with confidence!

CONTACT INFORMATION

We are providing 24/7 Customer Support

Phone: +1 (615) 652 3597

Email Us: Contact@jakoda.com

Address: 1133 Polk Ave, Nashville, TN 37210, United States