Setu's bug bounty program

Setu works closely with security communities and white-hat hackers to ensure product safety.
We encourage this by offering rewards for ethical vulnerability disclosures via our vulnerability disclosure program (VDP).

Qualifying vulnerabilities

Our VDP includes vulnerabilities risking user data or service functionality—across all domains, properties, and infrastructure. Reported issues are assessed by our engineers for eligibility and severity.

Reward amounts are determined based on the reported vulnerability’s severity.
Get featured on the Hall of Fame for your bug-finding abilities!

Investigating and reporting vulnerabilities

Report vulnerabilities here with detailed descriptions, hardware/software used, and supporting screenshots or recordings for reproduction. When investigating vulnerabilities, please follow these practices—

• Do not use or attempt to use any account or user information other than your own.

• Do not destroy or compromise any confidential, proprietary, or personal information that you may gain access to.

• Do not intentionally damage our systems or those of any associated third-parties.

• Do not violate any applicable local laws, including privacy & data protection laws.

• Do not compromise or publicly disclose any confidential, proprietary, or personal information that does not belong to you.

• If you make copies of any such information in the course of investigation, please permanently delete them as soon as possible after making the disclosure to us.

• Give us a reasonable period of time (at least 30 days) to fix the vulnerability, before disclosing details elsewhere.


We support responsible security research and will not pursue legal action against individuals who report vulnerabilities in good faith and follow best practices. Additionally, please note that—

• This is not a competition or prize—VDP and rewards offered are at Setu's discretion, subject to withdrawal or modification at any time.

• Participation in the VDP implies confidentiality regarding the vulnerability, and an agreement to delete confidential, proprietary, or personal information obtained during investigation.

• Rewardees are responsible for any applicable taxes on reward amounts.

Report a bug

Please fill this form to submit your bug report. Do make sure you’ve read through our vulnerability disclosure policy beforehand.

Provide a short description and share a Google Drive link for a screen recording that can help us reproduce the bug.