Livecaller Guides
  • Management Console
    • Getting Started
      • Web Call
      • Co-browsing
      • Omni-Channel Inbox
    • Realtime dashboard
    • Customer profiles
    • Inbox
      • Tag Management
      • Send Email
    • Live conversation
    • Blocked
    • Callbacks
    • Conversation history
      • Export to Excel
      • Export chat to PDF
    • Conversation Reports
    • How to transfer a chat
    • Working hours
    • Widget managemant
      • Pre-chat survey
      • Multi-language translation
      • Message typing preview
    • Chat shortcuts
    • General analytics
    • Agent Report
      • Agents performance
      • Response times
      • Availability
      • Satisfaction
      • Agent Activity
    • Notifications
      • Autoplay Policy
    • Integrations
      • Facebook Messenger
        • Meta Data Managment
      • Viber
      • Telegram
      • Email
    • Permission management
    • Chatbot
      • Events
      • Conditions
      • Actions
    • Automatic rules
    • Roadmap
  • Widget API
    • Javascript API
    • CSS
  • FAQ
    • Web call does not work?
    • How to change or translate widget texts?
    • How to remove "powered by livecaller.io"?
    • Timezone issues
    • Mobile app - iOS, Android
    • Whatsapp integration
    • Does Livecaller support startups?
    • What is the duration for which information history is retained?
    • How to install?
    • Other Questions
  • LiveCaller Bug Bounty Program
Powered by GitBook
On this page

LiveCaller Bug Bounty Program

At LiveCaller, we prioritize the security and privacy of our users. We welcome security researchers and ethical hackers to help us identify and resolve potential vulnerabilities to create a safer platform for all.

Submitting Your Report

  1. To ensure your report is valid, include: ✔ Detailed steps to reproduce the vulnerability. ✔ Verifiable evidence (screenshots, videos, or scripts). Attach files directly—avoid public third-party services.

  2. 📩 Submit your report to: hello@livecaller.io

Response Times

  • Medium and higher severity: Response within 3-5 business days.

  • Low or informational reports: Response within 20 days.

Spam or invalid submissions will be discarded. Once a report is acknowledged, we'll provide periodic updates—please avoid unnecessary follow-ups.

Rewards and Prioritization

Bug bounties are paid in USD, with rewards based on the severity and impact of reported issues.

  • Reward Discretion: Payouts are determined at our sole discretion. Depending on the severity of the vulnerability, you will receive a reward of between $50 to $200.

  • Eligibility: To qualify, you must be the first to report a previously unknown issue that results in a code or configuration change.

Vulnerability Tiers

Rewards depend on the severity of the vulnerability, as assessed by our security team:

  • Low: Minor issues that don’t cause direct harm but could improve security.

    • - Small website security settings missing

    • - Buttons or links that behave unexpectedly

    • - Small bugs in the way pages load

  • Medium: Bugs that require some user action but could still cause harm.

    • - Sending harmful links inside LiveCaller

    • - Finding hidden pages that should not be public

    • - Weaknesses in login security (e.g., too many password tries)

  • High: Issues that expose sensitive data or let attackers take unauthorized actions.

    • - Changing account settings without permission

    • - Seeing private information from other users

    • - Tricking users into making unwanted changes

  • Critical: Bugs that could allow hackers to take full control of LiveCaller, access private user data, or break security completely.

    • - Gaining access to other users' accounts

    • - Controlling LiveCaller servers

    • - Viewing or changing private data without permission

Scope

In-Scope:

  • Livecaller APIs and infrastructure.

  • Customer support systems and chat infrastructure deployed by Livecaller.

Out-of-Scope:

The following are not eligible for rewards:

  • Physical access attempts (e.g., breaking into LiveCaller offices)

  • Social engineering attacks (e.g., phishing, impersonation)

  • Denial-of-Service (DoS/DDoS) attacks

  • Issues in third-party services that LiveCaller does not control

  • Non-sensitive misconfigurations or minor bugs on low-priority pages

Safe Harbor

To distinguish ethical research from malicious activity, please follow these guidelines:

  • Do not access, modify, or harm data that isn’t yours.

  • Use discovered vulnerabilities only to demonstrate the issue to Livecaller.

  • Avoid DoS/DDoS attacks or targeting Livecaller employees and customers.

  • Do not include conditions, demands, or threats in reports.

Livecaller's Commitment

If you act in good faith:

  • We will not pursue legal action or report you for your research.

  • We will advocate for you if third-party legal action arises due to your research.

For clarification on ambiguous activities, contact us before testing. This safe harbor policy does not extend to third-party infrastructure.

Compliance

Participants must comply with all applicable laws and regulations, including those in their local jurisdictions. Researchers are responsible for any required licenses, insurance, or regulatory obligations related to participation.

Program Changes

Livecaller reserves the right to modify the program’s terms at any time without prior notice. Changes take effect immediately, and participants are responsible for reviewing updates periodically.

Legal Notice

  • Participation does not create a partnership, joint venture, or agency relationship with LiveCaller.

  • To the fullest extent permitted by law, LiveCaller is not liable for any damages resulting from participation in this program.

PreviousOther Questions

Last updated 2 days ago