Please visit our privacy policy, trust center and privacy center for related details.
Last Updated: April 19th, 2025
The security and safety of our customers' data are of utmost importance. We value contributions from our community that help us identify and address vulnerabilities in our products and services.
How to Report an Issue
If you've discovered a security vulnerability please send an email to security@juicebox.work with the following information:A summary of the vulnerability and its potential impact.Detailed steps to reproduce the issue, including screenshots.Your environment details, such as operating system, browser, and device.If possible, include proof-of-concept code that demonstrates the exploit.We will investigate the issue. We will keep you informed of our progress and may reach out for further details if necessary.
Rewards
We value the efforts of those who contribute to the security of our services by reporting vulnerabilities. While not all reports will qualify for financial compensation, we offer rewards based on the severity and impact of the vulnerability. Recognizable contributions may, in certain cases, qualify for financial compensation. Critical vulnerabilities that are severe, have a CVSS score of 4 or higher, and have not been previously identified by our team, are most likely to qualify.
In Scope
juicebox.ai
chat.juicebox.work
Out of Scope
Automated scanning tools
Social engineering attacks
Brute force attacks
DDoS attacks
Clickjacking on pages without sensitive actions
Theoretical vulnerabilities without demonstrable exploitability
Attacks requiring physical access to a device
Denial of service attacks
We ask you to
Test vulnerabilities only on your own account. If testing involves another account, ensure you have explicit permission.
Avoid copying, modifying, or destroying production data.
Refrain from activities that cause downtime or degradation of our services.
Adhere to our privacy policies, terms of service, and applicable data privacy regulations.D
Do not disclose the vulnerability publicly until it has been reported to us and adequately resolved, allowing us reasonable time to address the issue.
