Security Bounty Program

Update, March 9th 2021: The security bounty program is temporarily deactivated for now. We won’t be accepting any requests nor paying rewards until this is re-activated. Learn more.

At ImprovMX, the security of our users’ data is a priority. We build our software and infrastructure with this goal in mind. That’s why we decided to welcome your help through our bounty program to put our security to the test!

To take advantage of it, you’ll need to follow a few guidelines:

What we’re looking for

We’re looking for any security exploit. But we’ll be extra generous with:

Please keep in mind this bounty program doesn’t concern regular bugs in our application, but only security flaws allowing intruders to gain access to data of other users. If you wish to report a regular bug, contact

Examples of Non-Qualifying exploits

Some exploits are excluded from our compensation scheme, including:

Examples of Non-Qualifying reports

These are theoretical vulnerabilities we’re aware of, but we decided they didn’t present any risk in our case:


Our reward system is flexible and doesn’t have any strict upper or lower limit. This means particularly creative or severe bugs will be rewarded accordingly. The amount will exclusively depend on the severity of the vulnerability.

Rewards will be sent using Paypal once the vulnerability has been fixed. These services collect a fee for processing the transaction, which gets deducted from the amount awarded. Please note that you are responsible for paying the proper amount of taxes in your country on the amount you are getting compensated.

Report submission

As of March 9th 2021, our bug bounty is temporarily closed for submissions as we investigate a way to trim down on the behavior of certain actors reporting non-qualifying exploits and bugging the team about getting a payment.

If you have any questions regarding the program or why we decided to put it on hold, please contact us at

Hall of fame

As of today, we sent a total of $1,050 USD.