Terms of Service Privacy Policy Refund Policy Community Guidelines Content Guidelines Bug Bounty

Bug Bounty Program

Last Updated: 19 May 2026

We value the security and functionality of our platform and appreciate the community's help in identifying issues. Our bug bounty program rewards users who responsibly report bugs that affect the functionality, security, or user experience of Outfox Stories.

Reward

US$10–$50 cash for each valid bug report, depending on severity and impact. Payment will be made within 30 days of bug verification.

Eligible Bugs

We're interested in bugs that impact:

  • Security vulnerabilities - XSS, SQL injection, authentication bypass, data exposure, etc.
  • Functional bugs - Features that don't work as intended or prevent normal use of the site. We especially want to hear about these!
  • UI/UX issues - Broken layouts, confusing interactions, or things that just feel dumb. We especially want to hear about these too!
  • Data integrity issues - Data loss, corruption, or incorrect calculations
  • Payment processing errors - Issues with subscriptions, support payments, or billing
  • Performance issues - Severe slowdowns or crashes that affect user experience
What Does NOT Qualify

Bounties are for actionable changes that improve the platform. The following are not eligible:

  • Missing optional HTTP headers or other informational-only findings that don't represent a real risk
  • Reports from automated scanners submitted without verification or analysis
  • Theoretical vulnerabilities with no practical exploit or user impact
  • Minor cosmetic issues like typos or trivial styling differences
  • Bugs in third-party services or libraries unless they directly impact our platform
How to Report

Email your report to support@outfoxstories.com. Just give us enough detail to find and reproduce the issue — a short description and the steps you took is usually plenty. Screenshots help if the issue is visual. If you're reporting a security vulnerability, please don't disclose it publicly before we've had a chance to fix it.

What to Expect After You Submit

Please allow up to a week for us to assess your report. If you haven't heard back from us after a week, send a follow-up email — things occasionally slip through. If you're worried your message may have been caught in our spam filter, you can also prompt us via the Contact Us form on the website.

Program Terms
  • Bounties are only paid for the first report of a given issue. Duplicate reports of known bugs are not eligible
  • Low-effort or vague reports may be dismissed without a bounty. A good report includes clear reproduction steps and a description of the actual vs. expected behavior
  • Bugs must be previously unknown to our team
  • You must not exploit the bug for personal gain or to harm other users
  • Do not perform any attack that could harm the reliability or integrity of our services
  • Do not access or modify other users' data without permission
  • We reserve the right to determine bug validity and reward eligibility
Responsible Disclosure

We ask that you give us reasonable time to address the issue before making any information public. We aim to resolve critical security issues within 48 hours and other bugs within 7-14 days, depending on severity.

Questions?
If you have any questions about our bug bounty program, please contact us at support@outfoxstories.com