Report security issue
Security & Vulnerability Disclosure
At PureFan, we take the security of our platform and our customers’ data very seriously.
If you discover a potential security vulnerability on our website, we encourage you to report it to us immediately. We’ll review every legitimate report and take swift action to resolve the issue.
Fundamentals
If you follow the guidelines below when reporting a security issue, we will not initiate legal action or enforcement against you in response to your report.
We ask that you:
Give us reasonable time to investigate and fix the issue before publicly disclosing any information or sharing it with others.
Avoid interacting with or accessing private accounts or data that don’t belong to you.
Make a good-faith effort to prevent privacy violations or service disruptions — including avoiding data deletion or service degradation.
Do not exploit any discovered vulnerabilities or attempt to further compromise systems or sensitive data.
Comply with all applicable laws and regulations while testing and reporting.
Bounty Program
We value and appreciate the efforts of security researchers who help us improve our platform.
Monetary rewards (“bounties”) for valid reports are granted at PureFan’s discretion, based on the impact, severity, and quality of the submission.
To qualify for a potential reward, you must:
Adhere to all Fundamentals listed above.
Identify a genuine security or privacy vulnerability in our website or infrastructure.
Submit your report through our official contact channels listed below.
If you accidentally access sensitive information while testing, please disclose this immediately in your report.
Allow us time to evaluate and respond — while we review every valid submission, responses may take time depending on severity and volume.
Understand that we reserve the right to publish anonymized reports for educational or transparency purposes.
Reward Guidelines
Rewards are based on the severity and impact of the vulnerability:
Severity Level Example Vulnerabilities Maximum Reward
Critical Remote code execution, privilege escalation, SQL injection exposing data, full account access $200
High Authentication bypass, sensitive information disclosure, stored XSS, insecure session handling $100
Medium Logic flaws affecting multiple users, insecure direct object references $50
Low Open redirect, reflective XSS, minor information leaks Recognition only
💡 Reports must include clear, reproducible steps. Duplicate or unclear submissions may not qualify for a reward.
Multiple issues caused by the same underlying problem may be grouped as one bounty.
Report a Security Issue
If you believe you’ve found a security vulnerability on our website, please contact us directly. We’ll acknowledge your report and work quickly to resolve the issue.
Contact Information
PureFan
📍 Fisher’s Way, Belvedere, DA17 6BT, United Kingdom
📞 +44 7528 49517
🕓 Business Hours: Monday – Friday: 8:00 AM – 6:00 PM | Saturday: 8:00 AM – 12:00 PM