Bug Bounty
We reward security researchers who responsibly disclose vulnerabilities in the WebNativeApp platform.
1. How to participate
Send findings to security@webnativeapp.com with steps to reproduce, affected URLs, and, where relevant, proof-of-concept code. We do not require you to sign up anywhere before reporting.
2. In scope
The marketing site and dashboard at webnativeapp.com, the onboarding and build APIs, and authentication flows.
3. Out of scope
Denial-of-service testing, spam or social engineering against staff or customers, physical security, and third-party services we integrate with but do not operate, such as app stores or payment processors.
4. Rewards
Rewards are assessed case by case based on severity and impact, following common frameworks such as CVSS. We do not publish a fixed bounty table, but we do recognize and reward valid, previously unreported issues.
5. Rules of engagement
Only test against accounts and data you own. Stop testing and report immediately if you access data that is not yours. Give us a reasonable window to remediate before any public disclosure.
Last updated: July 2, 2026.