Report Security Issue
Contact Information:
Jimfambiz LLC
support@jimfllc.com
If you discover a security vulnerability on jimfllc.com, we ask that you notify us right away. We take all valid reports seriously and aim to resolve issues as quickly as possible. Before submitting a report, please review the guidelines below, including our principles, reward program, and categories of issues that may not qualify.
Principles
If you follow these principles when reporting a security concern to jimfllc.com, we will not pursue legal action or investigations in response to your report:
- Allow us reasonable time to investigate and fix the issue before making it public.
- Do not access, alter, or interact with data or accounts without explicit owner permission.
- Avoid actions that could compromise privacy, disrupt services, or damage data.
- Do not exploit the vulnerability for personal gain or to demonstrate further risk.
- Always comply with applicable laws and regulations.
Bug Bounty Program
We value the work of security researchers who help us keep our systems safe. Bounties are awarded at our discretion, based on the severity, potential impact, and clarity of the report.
To qualify:
- Follow the principles outlined above.
- Report a valid vulnerability that could realistically affect privacy or system security.
- Submit your findings through our official reporting channel — not directly to staff.
- If you unintentionally access or expose sensitive data, include that information in your report.
- Understand that higher-risk reports receive priority. While all valid reports are reviewed, our response time may vary.
- Agree that we may publish anonymized details of your report.
Rewards
Compensation depends on the severity and reproducibility of the issue. Please include step-by-step instructions so our team can confirm the vulnerability. Duplicate reports of the same issue are not eligible.
Reward tiers:
🛡️ Critical Severity – up to $200
Examples:
- Remote code or command execution
- Privilege escalation to full account access
- SQL injection with data exposure
🔒 High Severity – up to $100
Examples:
- Authentication bypass (lateral access)
- Sensitive internal data leaks
- Stored XSS affecting multiple users
- Insecure handling of session/authentication tokens
⚠️ Medium Severity – up to $50
Examples:
- Logic or workflow bypasses
- Insecure direct object references
ℹ️ Low Severity – Acknowledgment only
Examples:
- Open redirects
- Reflected XSS with minimal impact
- Minor information disclosures
Contact Information
📍 12839 Abalone Way, Houston, TX 77044, United States
📱 (352) 472-3309
✉️ support@jimfllc.com