We take data security seriously. Over 10,000 customers worldwide rely on OnePageCRM to keep their data safe and secure.
We’ve created a Bounty Program to reward those who report vulnerabilities, to help us keep our security at the highest of standards. Such programs work by providing a monetary reward, or “bounty,” to security researchers who responsibly disclose security issues in our app.
Security of user data is of utmost importance to OnePageCRM. The OnePageCRM development team consists of trusted and experienced developers who continuously evaluate our coding practices to recognize and shore up vulnerabilities.
To ensure security is at the highest of standards, we welcome responsible disclosure of any vulnerability you find.
Principles of responsible disclosure include, but are not limited to:
Access and expose only customer data that is your own
Avoid scanning techniques that are likely to cause degradation of service to other customers (e.g. by overloading the site)
Keep within the guidelines of our Terms Of Service
Keep details of vulnerabilities secret until OnePageCRM has been notified and had a reasonable amount of time to fix the vulnerability
In order to be eligible for a bounty, your submission must be accepted as valid by OnePageCRM
Reporting Security Bugs
If you suspect you've discovered a security bug or vulnerability in OnePageCRM, we encourage you to report it to us straight away
Provide as many details as possible in your report
We must be able to reproduce the security bug from your report
This program does not allow for public disclosure of the vulnerability without express permission. If you wish to disclose the report, we require that you ask us first
To participate in the program you must comply with the Bug Bounty Policy
Examples of Qualifying Vulnerabilities
Authentication or authorization flaws
Cross-site scripting (XSS)
Cross-site request forgery (CSRF/XSRF)
Server-side code execution bugs
Circumvention of our Platform/Privacy permissions model
Examples of Non-Qualifying Vulnerabilities
Denial of Service vulnerabilities (DOS)
Possibilities to send malicious links to people you know
Security bugs in third-party websites that integrate with OnePageCRM
Mixed-content scripts on onepagecrm.com
Insecure cookies on onepagecrm.com
Vulnerabilities that require a potential victim to install non-standard software or otherwise take active steps to make themselves susceptible
We offer rewards for qualifying vulnerabilities based on severity and completeness of the submission, as determined by OnePageCRM’s security team. Awards are granted entirely at the discretion of OnePageCRM.
Only 1 bounty will be awarded per vulnerability.
If we receive multiple reports for the same vulnerability, only the person offering the first clear report will receive a reward.
We maintain flexibility with our reward system, and have no minimum/maximum amount; rewards are based on severity, impact, and report quality.
If you have any security concerns, questions and comments please get in touch at