1.) The program is designed to coordinate the detection and responsible reporting of security vulnerabilities in publicly accessible systems of Reydix GmbH (“reydix”). The aim is to contribute to the security of our users and to promote security research.
2.) Eligible participants are natural persons of legal age who are not resident in a country subject to export or trade sanctions. reydix reserves the right to exclude participants from the program at any time without giving reasons.
3.) Scope of the program
In scope:
- Public domains and subdomains under *.reydix.com
- Web applications, user interfaces, and API endpoints that are accessible without authentication
- Configurations of email security mechanisms (e.g., SPF, DKIM, DMARC)
- Client-side vulnerabilities such as XSS, clickjacking, insufficient security headers
- Misinstallations, open directories, CORS misconfigurations, open redirects
Out of scope:
- Internal systems that are not publicly accessible
- Attacks on payment services, authentication systems, or production data
- Social engineering, phishing, physical access, attacks on third parties
- Denial-of-service attacks, brute force or automated scanning
- Vulnerabilities that are already publicly documented or known to us
4.) Furthermore, only measures that do not affect third-party user data and do not cause operational disruptions are permitted. In particular, threats, attempts at blackmail, reputation-damaging behavior, or the intentional exploitation of a discovered vulnerability are prohibited.
5.) Discovered security vulnerabilities must be reported immediately and exclusively via the email address security-bounty@reydix.com. Publication or disclosure of the information to third parties prior to remediation is prohibited.
6.) reydix may, at its sole discretion, award a reward for reported vulnerabilities. The decision is based in particular on the severity, exploitability, novelty value, and quality of the documentation. There is no legal claim to payment.
7.) The responsibility for the correct taxation of rewards received lies solely with the recipient.
8.) Actions taken within the scope of the program do not constitute a violation of reydix's license or terms of use, provided that they were carried out within the permitted scope and these terms and conditions of participation are complied with.
9.) reydix reserves the right to change or discontinue the program at any time. There is no entitlement to the continuation or payment of rewards for future contributions.
As of: August 2025