Capacities Docs

Appearance

On this page

Responsible Disclosure Program

Bug Bounty Program deprecated

As of July 3, 2025, our bug bounty program has been deprecated. We are no longer offering rewards for reported vulnerabilities through this program. While we've concluded our public bug bounty program, we continue to welcome responsible vulnerability disclosures from security researchers and professionals.

We made the decision to deprecate our public bug bounty program due to a significant increase in low-quality, generic, and automated submissions. These reports often lacked specific details relevant to Capacities, consuming valuable time and resources that could otherwise be spent on addressing genuine security concerns. Our aim is to focus our efforts on high-impact vulnerabilities and more direct collaborations with the security community.

At Capacities, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

Don't do any harm

If you found a potential security vulnerability we'd prefer if you could report it to us directly instead of demonstrating an exploit which could lead to potential issues for Capacities and our users. It's great to demonstrate an exploit but please avoid this if it could cause problems.

How to report a Vulnerability

Please email your findings to team@capacities.io.

When submitting a report, please:

  • Provide clear and reproducible steps: Include sufficient information to reproduce the problem.
  • Do not take advantage of the vulnerability: Avoid actions like downloading excessive data or modifying user data.
  • Do not reveal the problem to others until it has been resolved.
  • Do not use intrusive attack methods such as physical security breaches, social engineering, DDoS attacks, or spam.

Our Commitment:

  • We will respond to your report with our evaluation of the report. Please do not send follow-up emails before receiving our response.
  • If you have followed these guidelines, we will not take any legal action against you in regard to your report.
  • We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission.
  • We will keep you informed of the progress towards resolving the problem.

Thank you for your help in making Capacities more secure! We really appreciate your help!

Opportunity for Collaboration:

We are always looking to collaborate with talented security researchers and professionals on a more structured basis. If you are interested in exploring potential collaboration opportunities, please reach out to us at team@capacities.io with information about your expertise and areas of interest.

Built with ❤️ and ☕️ in 🇪🇺.

Copyright © 2022-present Capacities