Bug Bounty

We care tremendously about the security of our products and value working with independent security researchers.

Scope

While we have many products, the bug bounty system covers the following products:

• The Glow iOS app
• The Glow Android app
• The Safari extension in the iOS app
• The Glow browser extension

Rules

The Glow team will decide on reward eligibility along with reward sizing.

• Any disclosure reported to the public first will disqualify the submission.
• Disclosures may be submitted over email to security@glow.app.

We restrict bugs to the following categories:

• A bug that will lead to the leaking of the recovery phrase or secret key to a third party.
• A bug that will lead to the wallet being locked and not recoverable.

For a bug to be valid, the following conditions must be met:

• The attacker must not have physical access to an unlocked device.
• It must not be due to an intentional user mistake.

Rewards

Rewards may be up to $250,000 and will be based on:

• The severity of the bug.
• The likelihood that the bug will affect users.
• The responsibility of the researcher — did the researcher take destructive action or otherwise harm the functioning of our systems.
• The role of the researcher — was the researcher the first person to discover the bug, or is the bug based on some public information.
• How well the report was written and how easy it is to understand.

Other Terms

By submitting your report, you grant Glow all rights to validate, disclose and mitigate the vulnerability. All reward decisions are up to the discretion of the Glow team.

If you are rewarded for your reported bug, you will need to share some personally identifiable information with us for compliance purposes. We will not share this information with anyone else.

This terms and conditions may be altered at any point.

Submit a Bug

You can submit a bug by emailing security@glow.app.