While we undertake regular external audits of our tools and services with leading information security companies, we also acknowledge the benefit that independent external security researchers can provide.
No system is ever perfect, and therefore, Animal Friends believes that working with skilled security researchers around the world is crucial to identify and fix any weaknesses.
If you believe you have found a security issue in our tools or services, we encourage you to responsibly disclose this to us via our Bug Bounty program. We will work with you to assess and resolve reported issues promptly. All reported bugs will be assessed by our security team to determine if they qualify for a reward. Animal Friends will consider the impact to both the company and our customers and will calculate any reward accordingly.
Our bug bounty program is limited to our customer facing web applications. This includes:
- Our corporate website - https://www.animalfriends.co.uk
- Our customer portal - https://hub.animalfriends.co.uk
- Our vet portal - https://pawtal.animalfriends.co.uk
- Our sales platform - https://quote.animalfriends.co.uk
Do not attempt social engineering or phishing attacks against our customers or employees in any circumstances.
Due to concern regarding availability, do not attempt denial of service attacks, spam or similar activity.
All third-party components and services which are used on the items named within scope are excluded from the Bug Bounty scheme.
Should a successful submission of a vulnerability via our Bug Bounty scheme be deemed worthy of a reward, this will be a cash reward paid via PayPal or bank transfer.
We will pay on a scale of £50 to £400 for vulnerabilities identified and confirmed. We have an option to raise the reward if the vulnerability discovered was critical. Payment will be based on the fact that the vulnerability can be replicated, and has not been identified and remunerated already.
Please inform us responsibly via email@example.com upon discovery of a potential security issue and we will make every effort to work with you to quickly resolve the issue. Notifications sent to any other email address may not be addressed in swift manner.