Bug Bounty

Overview

Tsenta takes security seriously. If you discover a vulnerability in our products or services, we encourage you to report it to us through responsible disclosure. We will not take legal action against researchers who report vulnerabilities in good faith and follow this policy.

How to Report

Send your report to founders@tsenta.com with the following information:

• Description of the vulnerability
• Steps to reproduce the issue
• Potential impact or severity
• Any supporting materials (screenshots, logs, proof of concept)

Scope

The following are in scope:

• Tsenta desktop application (macOS, Windows, Linux)
• tsenta.com and associated web services
• Tsenta API endpoints
• Authentication and authorization flaws
• Data exposure or leakage

The following are out of scope:

• Social engineering or phishing attacks against employees
• Denial of service (DoS/DDoS) attacks
• Vulnerabilities in third-party services or dependencies we do not control
• Reports from automated scanners without demonstrated impact

Compensation

Compensation will be provided based on the severity of the reported vulnerability. We assess severity based on impact, exploitability, and affected scope. We will work with you to determine appropriate compensation after validating the report.

Responsible Disclosure Guidelines

• Give us reasonable time to investigate and fix the vulnerability before disclosing it publicly.
• Do not access, modify, or delete data belonging to other users.
• Do not degrade or disrupt our services during your research.
• Act in good faith and avoid privacy violations, destruction of data, or interruption of services.

Our Commitment

• We will not pursue legal action against researchers who follow this policy.
• We will acknowledge your report and keep you informed of our progress.
• We will credit you (if desired) when we fix the vulnerability.
• We will compensate you based on the severity of the finding.