Responsible Disclosure Program
Help us keep My Poker Tourney secure by reporting vulnerabilities responsibly. We appreciate the security community's efforts in making our platform safer.
Before You Begin
Please read this entire page before testing for vulnerabilities. By participating in our responsible disclosure program, you agree to follow the guidelines outlined below.
Program Overview
My Poker Tourney's Responsible Disclosure Program encourages security researchers to report vulnerabilities in our systems. We are committed to working with the security community to verify, reproduce, and address security vulnerabilities.
We promise to:
- Respond to your report within 48 hours
- Keep you informed about the progress of fixing the vulnerability
- Not take legal action against you if you follow our guidelines
- Acknowledge your contribution (with your permission)
In Scope
Domains & Applications
- • mypokertourney.net (main application)
- • api.mypokertourney.net
- • app.mypokertourney.net
- • *.mypokertourney.net (all subdomains)
- • Mobile applications (iOS/Android)
Vulnerability Types
- • Cross-Site Scripting (XSS)
- • SQL/NoSQL Injection
- • Authentication/Authorization flaws
- • Remote Code Execution (RCE)
- • Business logic vulnerabilities
- • Data exposure/leakage
Out of Scope
The following are NOT eligible for rewards:
- • Denial of Service (DoS/DDoS) attacks
- • Social engineering or phishing of our employees or users
- • Physical attacks against our facilities or equipment
- • Vulnerabilities in third-party services we use
- • Spam or volumetric attacks
- • Missing security headers without demonstrable impact
- • Issues related to software or protocols not under our control
- • Vulnerabilities requiring unlikely user interaction
- • Recently disclosed 0-day vulnerabilities (give us time to patch)
Testing Guidelines
Do's
- • Create a test account for your research
- • Test only against your own accounts and data
- • Report vulnerabilities as soon as you discover them
- • Provide detailed steps to reproduce the issue
- • Allow us reasonable time to fix issues before disclosure
- • Delete any data you may have accessed
Don'ts
- • Access or modify other users' data
- • Perform actions that could harm our services
- • Use automated scanners that generate excessive traffic
- • Publicly disclose vulnerabilities before they're fixed
- • Demand compensation or threaten public disclosure
- • Test on production data without creating test accounts
How to Report
Please send your vulnerability reports to:
Include the following information in your report:
- • Type of vulnerability
- • Full URL and affected parameter
- • Step-by-step instructions to reproduce
- • Proof of concept (screenshots, videos, or code)
- • Impact assessment
- • Your contact information
Encryption: For sensitive reports, please use our PGP key available at /security/pgp-key
Response Timeline
Within 48 hours
Initial response and acknowledgment
Within 1 week
Vulnerability verification and severity assessment
Within 90 days
Fix implementation and deployment
Recognition & Rewards
Bug Bounty Program
We offer rewards for qualifying vulnerabilities based on severity:
* Rewards are at our discretion and based on impact, exploitability, and report quality
Security Hall of Fame
We thank the following security researchers for helping keep My Poker Tourney secure:
Be the first to join our Hall of Fame!
Legal
By participating in our responsible disclosure program, you agree that:
- • You will not violate any applicable laws or regulations
- • You will not disrupt our services or harm user experience
- • You will not access, store, share, or destroy user data
- • You assign all rights to discoveries to My Poker Tourney
This program does not create any legal obligation for My Poker Tourney. We reserve the right to modify or terminate this program at any time.
Last updated: 4/12/2026