We welcome responsible security researchers to help identify and fix vulnerabilities in our virtual office platform.
Instaspaces runs a bug bounty program to encourage security researchers to responsibly discover and disclose security vulnerabilities in our services.
Your efforts help us protect the virtual office platform trusted by thousands of Indian businesses for GST compliance and workspace solutions.
Rewards are based on severity and business impact
Issues that could lead to complete system compromise, remote code execution, privilege escalation, or exposure of highly sensitive customer data.
Vulnerabilities that significantly affect confidentiality, integrity, or availability but require some limitations or user interaction.
Security weaknesses with limited issues requiring multiple conditions to be met.
Minor security issues with minimal risk.
Transparent and researcher-friendly rewards
Provide detailed reproduction steps and proof of concept.
Our security team verifies severity, impact, and scope.
Bounty amount is determined by severity and report quality.
Rewards are paid via Bank Transfer or UPI within 30 days.
Bonus Rewards: Exceptional reports with clear impact analysis, proof-of-concept demonstrations, and responsible disclosure practices may receive additional recognition and enhanced bounty payouts.
Focus your research efforts on approved assets. Findings affecting in-scope assets are eligible for bounty consideration.
Customer dashboards, workspace portals, account settings, booking flows, and publicly accessible application interfaces.
REST APIs, authentication endpoints, authorization logic, business workflows, and integration endpoints.
Findings affecting assets outside the defined scope may not qualify for rewards. When in doubt, contact the security team before testing.
To ensure responsible security testing, please follow these guidelines while participating in our Bug Bounty Program.
Activities that compromise customer privacy, impact service availability, attempt unauthorized access to third-party systems, or violate applicable laws may result in immediate disqualification from the Bug Bounty Program and further action if required.
Submit a detailed vulnerability report and our security team will validate, triage, coordinate remediation, and reward eligible findings.
webmaster@instaspaces.in
Send detailed vulnerability reports directly to our security team
We guarantee no legal action will be taken against researchers who follow our Disclosure Policy and responsibly disclose vulnerabilities.