Report a Security or Privacy Vulnerability
TaxDome’s Bug Bounty Policy applies to security vulnerabilities found within its public-facing online environment.
TaxDome’s Bug Bounty Policy applies to security vulnerabilities found within its public-facing online environment.
The purpose of the Policy is to establish the rules for the review, evaluation, application, and verification of system updates to mitigate vulnerabilities in the IT environment and the risks associated with them. If you believe you have discovered a security or privacy vulnerability in the TaxDome product, please report it to us.
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of the this site. Therefore it is recommended that you do not disable cookies.
Any security researcher is required not to take any destructive action that could result in:
In case you suspect that a vulnerability of this kind exists, please contact TaxDome development team at help@taxdome.com.
We classify vulnerabilities based on their potential impact on our systems. This helps us prioritize fixes and determine appropriate rewards. The severity levels are:
Here are some examples of vulnerabilities classified by their severity level:
TaxDome is committed to protecting our clients from phishing attacks. Phishing emails are fraudulent attempts to trick recipients into revealing sensitive information, such as usernames, passwords, or financial data. Sometimes, these emails appear to be from legitimate sources, such as a firm owner using TaxDome.
What to Look Out For
Phishing emails can be very convincing, but there are some red flags to watch out for:
If you receive a suspicious email claiming to be from your firm owner or TaxDome, please do not click on any links or attachments.
Reporting Phishing Attempts
While we appreciate your vigilance, please note that reports about phishing attempts are not eligible for our Bug Bounty program. Our program focuses on identifying vulnerabilities within the TaxDome platform itself.
Please note that we only pay fees for original reports. If a duplicate is registered, we will inform you when the first report is filed.
Ineligible Reports:
Last updated July 25, 2024