Vulnerability Disclosure Policy

Last updated:  August 11, 2025

At Prodege, your privacy and security are critically important to us. We take the protection of our platforms seriously and appreciate the efforts of the security community in helping us protect our users and partners.

If you’ve discovered a potential security vulnerability in any of our services — including Swagbucks, MyPoints, InboxDollars, Tada, or any other Prodege brand — we want to hear from you.

How to Report

Please email us at: disclosure@prodege.com

When submitting a report, include:

• A detailed description of the issue
• Steps to reproduce the vulnerability
• Affected domain, app, or API
• Supporting materials (screenshots, logs, PoC code)
• Your contact information

Note: This email address is intended solely for reporting technical security vulnerabilities. Non-security-related inquiries will not receive a response through this channel.

Bug Bounty

While Prodege does not currently operate a formal bug bounty program, our security team carefully investigates all credible reports. We’re grateful for the time and skill of security researchers and will always treat submissions seriously and respectfully.

What to Expect

• Acknowledge your submission within 3 business days
• Begin investigation and verification promptly
• Communicate progress if further info is needed
• Notify you once remediation is complete

Responsible Research Guidelines

• Avoid actions that could harm users or disrupt services
• Do not access or alter data that isn’t yours
• Allow us reasonable time to resolve the issue before disclosing it publicly
• Comply with applicable laws during your research

In Scope

We welcome reports that affect:

• Prodege.com and affiliated domains
• Our mobile apps and public APIs
• Swagbucks, InboxDollars, MyPoints, Tada, and other Prodege properties

Out of Scope

We typically do not accept reports for:

• Phishing/social engineering
• Denial-of-service (DoS) attacks
• Brute-force attempts
• Vulnerabilities in third-party providers
• Issues without demonstrable security impact (e.g., missing headers)

Safe Harbor

We believe in good-faith security research. If you follow this policy:

• We will not initiate legal action
• We will consider your activity authorized
• We will work with you to understand and resolve the issue

Recognition

While we don’t offer cash rewards, we’re happy to:

• Acknowledge meaningful contributions in our Security Hall of Fame; Acknowledgements & Credits
• Provide a letter of recognition or thank-you certificate upon request

Questions?

Questions or feedback about this policy? Let us know at disclosure@prodege.com.