Vulnerability Disclosure Policy

Last updated: April 21, 2026

Overview

At Proxidize Ltd, ensuring the safety and security of our customers, employees, and products is paramount.

We appreciate the security community’s efforts in responsibly identifying and reporting vulnerabilities. This policy outlines the procedures and guidelines for submitting vulnerabilities to us.

By submitting a vulnerability report, you acknowledge that you’ve read, understood, and agree to adhere to this policy.

Scope

You are authorized to test the following assets:

Out-of-Scope: Any services or domains not explicitly listed above.

Prohibited Activities

To protect our users and infrastructure, the following actions are strictly prohibited:

  • Denial of Service (DoS) or any form of service disruption.
  • Brute forcing or excessive rate-limiting tests.
  • Automated scans causing high volumes of traffic.
  • Social engineering attacks on employees, contractors, or partners.
  • Any activity resulting in disruption of our services or operations.

Legal Authorization

If you make a good-faith effort to comply with this Policy, Proxidize Ltd will consider your security research on in-scope assets to be authorized under the following conditions:

  • Testing is conducted without causing harm or disruption to Proxidize Ltd, its customers, or third parties.
  • Vulnerability testing remains strictly within the defined scope above.
  • Researchers refrain from publicly disclosing vulnerabilities until Proxidize Ltd has fully remediated the issue and a mutually agreed-upon disclosure timeframe has passed.
  • Researchers comply with all applicable laws in their jurisdiction and the jurisdictions of Proxidize Ltd. 

Reporting a Vulnerability

Submit your detailed vulnerability reports to: [email protected]

Reporting Requirements:

Ensure your report includes:

  • Clear and detailed descriptions of the vulnerability.
  • Impact and risk assessments.
  • Steps to reproduce the vulnerability.
  • Proof-of-concept, ideally including screenshots or video.
  • Specific URLs and IP addresses involved during testing.
  • Any relevant information on how the vulnerability was discovered.
  • Your intended plan or expectations for public disclosure (subject to mutual agreement).

Reports should be written clearly in English. Reports containing proof-of-concept code and detailed reproduction steps will receive priority.

Our Commitment

Upon receipt of your report, Proxidize Ltd will:

  • Acknowledge receipt of your submission as soon as reasonably practicable.
  • Provide an initial substantive response or status update within 30 calendar days.
  • Communicate with you in good faith throughout the validation and remediation process, where appropriate.
  • Notify you after we have validated and remediated the reported issue, where appropriate.
  • Provide acknowledgment for validated vulnerabilities. Proxidize Ltd may, at its sole discretion, offer a reward based on severity, exploitability, impact, report quality, and researcher eligibility.

Reward Scheme

We value the effort security researchers invest in making our platform safer. Based on industry standards and internal impact assessments, Proxidize may offer rewards aligned to the severity and exploitability of reported vulnerabilities. The following tiers are indicative:

Bronze Tier – Up to $100

  • Client-side Cross-Site Scripting (XSS)
  • Clickjacking with demonstrable risk
  • Access control issues exposing non-sensitive data
  • Insecure Direct Object References (IDOR)

Silver Tier – Up to $500

  • Stored or persistent XSS with user compromise potential
  • CSRF leading to account changes or unintended transactions

Gold Tier – Up to $1,000

  • Remote Code Execution (RCE) in Proxidize SDK
  • Unauthorized data extraction from production environments
  • Access control flaws exposing PII or non-public functionality
  • Privilege escalation within Proxidize-managed accounts

Platinum Tier – Up to $1,500

  • RCE on production infrastructure
  • Authentication bypass granting admin or infrastructure-level access
  • Chainable vulnerabilities resulting in full account or infrastructure compromise

Note: Final reward amounts will be determined by Proxidize Ltd and may vary depending on real-world impact, likelihood of exploitation, and report quality.

In the event of duplicated submissions, the first clear demonstration of a vulnerability will be credited.

We appreciate your commitment to responsible disclosure and the enhancement of security for Proxidize Ltd and its customers.
