SumUp Bug Bounty Program
SumUp is committed to maintaining high levels of security and reliability, and we are continuously seeking ways to enhance our systems and processes. We are looking forward to collaborating with the security community to identify vulnerabilities, in order to ensure the safety of our customers and businesses.
How to report a security issue
We utilise a private program through HackerOne to receive vulnerability disclosures. The following method should enable you to gain access to our private program, even if you have not been previously invited to it.
Please send a quick message to [email protected]. You will receive an automatic reply from the HackerOne platform shortly, which will contain a link to onboard the platform and submit your findings. Upon clicking the link, you will be prompted to log in with your H1 account details (or create one, if you do not already have an account). Your message will be saved as a draft report, awaiting your formatting and final touches prior to submission.
To be eligible for a reward, all submissions must be made through the HackerOne platform, as it is the sole avenue utilised by SumUp to grant prizes to security researchers. Any findings submitted through alternative channels will not be considered for a reward.
Please ensure that you review our Policy page, which contains our program rules, complete scope, bounty table, rules of engagement, and response timelines.
FAQs
Does SumUp award bounties?
What NOT to report?