# Bug bounty program

#### Rules

* We will only pay out for disclosures in scope
* Duplicates will not be accepted; you must be the first person to report the vulnerability
* We cannot pay out to sanctioned regions
* Do not access or test our production instance

#### Scope

* Only <https://staging-2.canvasapp.com/> is in scope. Do not test or attack our production environment.
* Issues that significantly affect the confidentiality or integrity of user data

#### Out of scope

* Production canvasapp.com
* Marketing content, docs, blog content
* Output from automated scanners
* Load testing (DoS, DDoS)
* Self-XSS
* Social engineering
* Issues that only affect unsupported browsers (e.g. IE6)
* Missing or incorrect SPF, DMARC, DKIM records
* DNSSEC
* Cookie duration
* Widely-known vulnerabilities in libraries, including public zero-days
* Exploits that require user action (e.g. in browser dev tools)
* Missing HTTP headers
* Clickjacking
* Information disclosure of non-user data
* CSRF on anonymous forms
* CSRF attacks that require knowledge of the CSRF token
* Public key disclosure
* Issues with third-party services
* UI/UX issues that do not impact security
* Attacks that require MITM
* SSL/TLS best practices
* Any other trivial bugs

#### Payouts

* P1: $200
* P2: $100
* P3: $50
* P4: $25

#### Disclosure

1. Email <security@canvasapp.com> with the details, steps to reproduce, and a proof of concept.
2. If your disclosure is accepted, you will receive further instructions.
3. If accepted, you will need to provide Form W-9/W-8BEN before your payout can be processed.
