Report Security Issue

At QBConnects, we take the security of our systems and customers’ information very seriously. If you discover a potential security vulnerability on our platform, we encourage you to contact us immediately. We review all legitimate reports and work promptly to resolve verified issues.

Before submitting a report, please review the following guidelines and principles.

Fundamentals

If you follow the principles outlined below when reporting a security issue to QBConnects, we will not initiate legal action or enforcement investigations in response to your report.

We ask that:

You provide us with reasonable time to review and address the issue before making any information about the vulnerability public.

You do not interact with or access another user’s account or data without explicit consent from the account owner.

You make a good-faith effort to avoid privacy violations, data destruction, or service interruptions.

You do not exploit the vulnerability for any reason, including attempting to access sensitive data or demonstrate further impact.

You comply with all applicable laws and regulations when conducting your research.

Bounty Program

We appreciate and reward security researchers who help keep our systems secure by responsibly reporting vulnerabilities.
Monetary bounties are awarded at QBConnects’s discretion, based on factors such as risk, impact, and quality of the report.

To qualify for a bounty, you must:

Adhere to our reporting fundamentals (outlined above).

Identify a valid security or privacy risk within our infrastructure or services.

Submit your report through our Contact Us form or via email (please do not contact employees directly).

Disclose any accidental access to sensitive or private data in your report.

Allow us adequate time to investigate and resolve the issue.

We may choose to publish verified reports to promote transparency and awareness.

Reward Guidelines

Rewards are determined by the severity and impact of the vulnerability, along with the clarity and reproducibility of the report.

Critical Severity — up to $200

Remote Code Execution

Privilege escalation from user to admin

SQL Injection exposing sensitive data

Full account access vulnerabilities

High Severity — up to $100

Authentication bypass

Exposure of confidential company information

Persistent XSS

Local file inclusion vulnerabilities

Medium Severity — up to $50

Logic flaws affecting multiple users

Insecure object references

Low Severity — Recognition Only

Open redirects

Reflective XSS

Minor information disclosure

We aim to maintain fairness and transparency in all bounty determinations.

Contact Information

If you believe you’ve discovered a security issue, please contact us immediately:

QBConnects
📧 Email: support@qbconnects.com
📞 Phone: +44 7633 978025
📍 Address: Blythe Rd, Coleshill, Birmingham B46 1AF, United Kingdom
🕒 Business Hours: Monday – Friday: 8:00 AM – 6:00 PM | Saturday: 8:00 AM – 12:00 PM