.
We don’t have a bug bounty program but we are happy to give you a small reward if you can show a potential security bug to us.
We pay rewards for high risk bugs that could affect our system operation or customer’s data.
Important: We only accept high risk XSS bug reports if you can save a script to one of our actual merchant accounts (not your own Zotabox account or a ‘victim’ account you create). Please verify before submitting your report.
You can report a high risk security bug to customerservice@zotabox.com
