Black Forest Fancies values your privacy, and it is our goal to maintain the security of our platform. This page describes some steps that we are taking to address potential security issues, and to help protect Black Forest Fancies, our users, and their data. For more information about how we may collect, store, and use data from our users, please see our Privacy Policy.
REPORTING ISSUES
If you encounter or identify any security issues with Black Forest Fancies or any of websites, mobile applications, or services, you may contact our Engineering Team directly by email at [email protected]. Someone will be in touch, usually within 7 days.
Black Forest Fancies BUG BOUNTY PROGRAM
We welcome security researchers that practice responsible disclosure and comply with our policies. Programs by Google, Facebook, Mozilla, and others have helped to create a strong bug-hunting community. The Black Forest Fancies bug bounty program gives a tip of the hat to these researchers and rewards them for their efforts. In order to be eligible for a reward under our bug bounty program, you must comply with the terms outlined below.
BASIC RULES
In addition to complying with our Terms of Use and any other applicable terms and conditions, you must also follow these basic rules when participating in our bug bounty program:
- Do not access (or attempt to access) any user’s account or non-public data.
- Do not affect or harm other users (or their access to or use of our services).
- Do not perform any attack that could harm the reliability or integrity of our services or data. For example, DDoS/spam attacks are strictly prohibited.
- Do not publicly disclose a vulnerability before we have resolved it.
- Do not perform (or attempt) non-technical attacks, including spam, social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
WHAT KINDS OF REPORTS DO NOT QUALIFY?
The following is a non-exhaustive list of reports that do not qualify for a reward under our bug bounty program:
- Disclosure of public information or information that in our opinion does not present a significant risk.
- Disclosure of client identifiers and keys intended as a convenience for open-source contributors.
- Disclosure of credentials by other parties unaffiliated with Black Forest Fancies.
- Bugs, such as XSS, that only affect legacy browser/plugin versions, bugs that require exceedingly unlikely user activity or interaction, or timing attacks that prove, for example, the existence of a user.
- Cookies shared between different *.blackforestfancies.com domains.
- Bugs that have already been reported to us (i.e. first-come, first-served), or bugs that we are otherwise already aware of.
- Issues with functionality that is in-development, experimental, or released in a “beta” stage.
- Scripting or other automation and brute forcing of intended functionality (all of which is strictly prohibited).
- Issues related to software or protocols not under our control.