Please contact us immediately if you discover any security vulnerabilities or weaknesses on Purpleby.com.

We take all valid security reports seriously and will investigate and resolve verified issues as quickly as possible.

Before submitting a report, please carefully review the guidelines below, including our core principles, reporting requirements, and non-eligible submissions.

SECTION 1 – CORE PRINCIPLES

Purpleby will not pursue legal action against individuals who report security vulnerabilities responsibly and in accordance with this policy.

We ask all researchers and users to follow these principles:

Allow Reasonable Time

  • Provide us sufficient time to investigate and resolve the issue before publicly disclosing it.

Respect User Privacy

  • Do not access, modify, or retrieve personal data belonging to other users without explicit permission.

Act in Good Faith

  • Avoid actions that may disrupt services, compromise privacy, or damage systems or data.

Do Not Exploit Vulnerabilities

  • Do not use vulnerabilities to extract sensitive data or escalate system access.

Follow Applicable Laws

  • All testing and reporting must comply with local and international laws.

SECTION 2 – SECURITY REWARD PROGRAM

Purpleby values the contributions of ethical security researchers and may offer rewards for valid vulnerability reports.

Bounties are awarded at our sole discretion based on:

  • Severity of the issue
  • Potential security or privacy impact
  • Quality and clarity of the report

To qualify for a bounty, you must:

  • Follow all core principles outlined in Section 1
  • Submit a valid and reproducible security vulnerability
  • Report responsibly without causing harm or disruption
  • Submit reports through our official communication channels

If you accidentally access sensitive data during testing, you must stop immediately and report it without further investigation.

SECTION 3 – NON-ELIGIBLE SUBMISSIONS

The following issues do not qualify for rewards:

  • Spam, phishing, or social engineering attacks not related to system vulnerabilities
  • Missing SPF, DKIM, or DMARC records
  • Clickjacking on non-sensitive pages
  • Rate limiting or brute-force issues without clear security impact
  • Denial-of-Service (DoS) or stress testing attacks
  • Vulnerabilities requiring rooted or jailbroken devices
  • Issues affecting outdated browsers or third-party extensions

HOW TO SUBMIT A REPORT

If you discover a vulnerability, please include as much detail as possible, such as:

  • Step-by-step reproduction instructions
  • Description of the potential impact
  • Screenshots, logs, or code snippets (if available)

Please submit your report using the following contact details:

📧 Email: contact@purpleby.com

CONTACT INFORMATION

For questions, updates, or deletion of your personal data, contact us:

📍 Address: 58208 Co Rd 23, Carr, CO 80612, USA

📱 Phone: +1 251 365 2019

✉ Email: contact@purpleby.com