Vulnerability Disclosure Policy

If you think that there is any security or vulnerability issue in VPN Private, we appreciate you report the issue with all related details.

You are welcome to send all types of reports about security-related issues and privacy concerns to [email protected]. For optimal secure communication with us you can use our PGP key:
0D18 1349 7957 48F6 6E04 4814 2959 D4E7 38A0 0A15

After VPN Private Get the Report, we will:

• request the reporter to keep the information and communication of the vulnerability confidential;

• verify the existence of the vulnerability and identify which releases are affected. When confirmed, we will assign a CVE ID to the issue;

• release an updated version of the affected products resolving the issue as soon as possible. If it is not possible to resolve the issue within a reasonable time frame, identified workarounds might be published if that improves the situation in an acceptable way without putting users at risk;

• include a reference to the reporter and/or its organization as part of the release notes, unless the reporter wishes to remain anonymous;

• do its best to keep the reporter updated on the progress of the reported vulnerability.

• In case of the service malfunction that may jeopardize users’ privacy and safety, we will make hot fixes and provide our users with a notification, which includes information about the products impacted and recommendations for further actions.

VDP illustration

The defined response time of the app depends on the severity of the reported vulnerability issue.

• If the issue is of “Critical” priority, we will start working on a fix right away. The fix will be provided to customers as fast as it is commercially reasonable.

• If the issue is of “Important” priority, we will provide a fix with the following planned maintenance works or update release. The fix will be released in the form of a patch.

• If the issue is of “Moderate, Low” priority, we will deliver a fix as a part of the following planned minor or major product release.

Further Actions:

We acknowledge that making release available may sometimes take time. It depends on vulnerability severity, its relation to ongoing release work, and areas affected by the issue. We do not attempt to delay issue resolution, but we ensure all necessary modifications of the appropriate quality, resolve the issue, and avoid regressions introduction.

Thank you very much for your patience and for helping us to resolve the issue.

Public Researcher Rewards Program

Virtual private networks create encrypted communications and are considered a safe remote access method. Users trust the VPN to keep their sensitive information secure. However, VPNs are attractive targets for hackers, and if the VPN gets compromised, the attackers can get full access to all the personal data that was meant to remain anonymous.

It is remotely exploitable vulnerabilities that would allow a hacker to gain unauthorized access to the VPN, that is why it is crucial for us to discover previously unknown security holes in our products and services to make sure you can keep using VPN Private as a reliable and trusted way to access sensitive resources. We encourage vulnerability researchers and users to find flaws in our software and report them directly to us so we could fix them before a hacker exploits them.

The Public Researcher Rewards program aims to reward top-performing security researchers that help make our services better and keep our users safe. Through this program, we reward vulnerability researchers who look into our products' security and invest their time and effort in helping us make VPN Private more secure. To honor cutting-edge contributors, we provide various bonuses and rewards, the level of which is based on the bug severity.

Rewards

Individuals who report critical, high, moderate, and low severity vulnerabilities are eligible to receive a reward. Among a number of factors, the reward's type depends on the report's quality and the estimated risk posed by the vulnerability found.

There are three main types of rewards:

1. If you find and report an issue of “Critical” priority, you will be able to enjoy a free VPN Private Premium subscription for a lifetime and $1000 reward.
2. If you find and report an issue of “Important” priority, you will be offered a 1-year free Premium subscription to our VPN service and $200 reward.
3. If you find and report an issue of “Moderate, Low” priorities, the VPN Private Premium subscription will be free for you for 6 months.
With VPN Private Premium, you will significantly amplify your user experience.

The benefits of a premium subscription include:

• No ads while using the app
• Access to new different locations
• Advanced security features

The reward's size is at the discretion of our dedicated team that reviews all reported issues and decides whether your finding is important and can help us increase security. If it qualifies, you will receive a reward once the issue is fixed. We will acknowledge your submission within 30 days.