Report Security Issues

Last Updated: May 28, 2026
If you have discovered a security vulnerability on jepordy.com, we encourage you to report it to us immediately. Jepordy LLC takes the security of our platform and our customers' data very seriously. We review all legitimate reports and aim to resolve confirmed issues as quickly as possible. Please read this page carefully before submitting a report.

Submit a Vulnerability Report

Use the subject line: "Security Vulnerability Report – jepordy.com" and include reproducible steps.

1. Fundamentals (Safe-Harbor Rules)

If you follow the principles below when reporting a security issue to jepordy.com, Jepordy LLC will not initiate legal action or enforcement investigations against you in response to your report. This represents our good-faith safe-harbor commitment to security researchers.

We ask that you:

  1. Give us reasonable time to review and fix the issue before disclosing it publicly or sharing it with others — generally a minimum of 90 days from acknowledgment.
  2. Do not interact with or access private accounts without the account owner's explicit consent.
  3. Make a good-faith effort to avoid privacy violations, service disruptions, destruction of data, or interruption of generator orders in progress.
  4. Do not exploit the vulnerability for any reason, including to demonstrate further risks or access sensitive data beyond what is strictly necessary to confirm the issue.
  5. Comply with all applicable local, state, and federal laws and regulations — including the U.S. Computer Fraud and Abuse Act (CFAA).
  6. Use only your own test accounts or accounts for which you have written authorization.

2. Bounty Program

Jepordy LLC recognizes and rewards security researchers who help protect our platform by responsibly reporting vulnerabilities. Bounties are awarded at Jepordy LLC's sole discretion, based on risk level, impact, and report quality.

To potentially qualify for a bounty, you must:

  1. Follow all fundamentals listed above.
  2. Report a valid security vulnerability that poses a genuine risk to user privacy or platform security.
  3. Submit your report directly to Contact@jepordy.com — please do not contact employees directly or post on social media.
  4. Disclose any accidental privacy violations or service disruptions that occurred during your research.
  5. Understand that while we investigate all valid reports, response priority is based on risk severity and may take time.
  6. Agree that Jepordy LLC reserves the right to publish submitted reports at our discretion, with the reporter's credit (or anonymously, at the reporter's request).

3. Severity Tiers & Rewards

Rewards are based on the impact and severity of the reported vulnerability. Please provide detailed and reproducible steps in your report — issues that cannot be reproduced are not eligible for a bounty.

  • The first valid report of a given issue receives the bounty.
  • Multiple bugs caused by a single underlying issue are treated as one report.
  • We assess rewards based on impact, exploitability, and overall report quality.

Critical Severity

$200
  • Remote Code Execution (RCE)
  • Remote Shell or Command Execution
  • Vertical Authentication Bypass
  • SQL Injection leaking targeted data
  • Full account takeover

High Severity

$100
  • Lateral authentication bypass
  • Disclosure of sensitive internal data
  • Stored XSS affecting other users
  • Local file inclusion (LFI)
  • Insecure handling of authentication cookies

Medium Severity

$50
  • Logic or business process flaws
  • Insecure direct object references (IDOR)
  • CSRF on sensitive actions
  • Unvalidated redirects to external sites

Low Severity

Recognition Only
  • Open redirects
  • Reflected XSS
  • Low-sensitivity information leaks
  • Missing security headers

4. Non-Reportable Issues

The following are generally out of scope and not eligible for a bounty:

  • Denial of Service (DoS / DDoS) attacks or testing
  • Spam or social engineering attacks against Jepordy LLC staff
  • Physical security issues (warehouse, office, freight)
  • Vulnerabilities in third-party services or plugins not directly controlled by Jepordy LLC (e.g., WooCommerce core, WordPress core, Cloudflare, Stripe, PayPal)
  • Reports generated solely by automated scanning tools without manual validation
  • Issues already known to our team or previously reported
  • Best-practice recommendations without a demonstrated security impact
  • Self-XSS that requires the victim to paste code into their own browser console
  • SPF, DKIM, or DMARC misconfigurations without a demonstrated phishing impact
  • Outdated software versions without a proven exploitable vulnerability

5. How to Submit a Report

To report a security vulnerability, please send an email to Contact@jepordy.com with the subject line:

Security Vulnerability Report – jepordy.com

Your report should include:

  • A clear, technical description of the vulnerability
  • Step-by-step instructions to reproduce the issue
  • The potential impact and worst-case scenario
  • Any screenshots, videos, or proof-of-concept code (if applicable)
  • The URL, endpoint, or specific page affected
  • Your preferred attribution (your name, handle, or anonymous)

Our commitment to you: We will acknowledge your report within 3 business days and keep you informed of our progress throughout the resolution process. Critical and High severity issues are typically triaged within 24 hours.

Security Contact

Questions about our security disclosure program, scope, or an in-progress report? Get in touch — we typically respond within one business day.

Business Hours: Monday – Friday 9:00 AM – 6:00 PM CST  ·  Saturday & Sunday Closed