We takes steps to improve our product and provide secure solutions to our customers. In this Bug Bounty Policy ("Policy"), we describe the circumstances applicable to our Bug Bounty program and how it is to be used in connection with your use of our website at https://shopiro.ca/ , including, but not limited to, the mobile app, social media pages or other online properties (collectively, the “Website”) , or when you use any of the products, services, content, features, technologies or functions that we offer (collectively, the “Services”). This policy is designed to help you obtain information about how you can participate in our Bug Bounty program, what safe search results are applicable, and what benefits you may receive. Please note that our service offerings may vary by region.
For all purposes, the English language version of this policy will be the original and governing instrument. In the event of a conflict between the English version of this policy and any subsequent translation to another language, the English version shall prevail and control.
We will send you an e-mail to advise you of changes done to the english version. These changes take effect immediately.
In order to improve Shopiro and the Services, the Shopiro Bug Bounty program offers our users the opportunity to earn a reward for identifying technical issues.
How can you communicate the results of your Bug Bounty program to us?
All such communications should be addressed to bug-bounty@shopiro.ca. In your submission, please specify a full description of the vulnerability and verifiable evidence that the vulnerability exists (explanation / steps to reproduce / screenshots / videos / scripts or other material).
Violation of any of these rules may result in the ineligibility of a bonus.
All outcomes are assessed using a risk-based approach.
Before we start discussing the details related to the confirmed issues you have identified under the Bug Bounty program, including compensation, etc., you will need to enter into a nondisclosure agreement with us.
All of these rewards are paid for by Shopiro. All rewards can only be paid if they are not in violation of applicable laws and regulations, including, but not limited to, trade sanctions and economic restrictions.
Due to the variable and complex nature of the technical issues, we have not established a specific timeframe for the analysis of results under the Bug Bounty program. Our analysis is not complete until we have confirmed the existence or absence of a vulnerability.
Some vulnerabilities are considered out of the scope of the Bug Bounty program. These out-of-reach vulnerabilities include, but are not limited to:
