Last Updated: March 2026

SECURITY VULNERABILITY DISCLOSURE

If you've found a security vulnerability on TERAGARDEN LTD, we encourage you to contact us immediately. We review all legitimate reports and aim to resolve issues quickly. Before reporting, please review this document — including our fundamentals, bounty programme, reward guidelines, and non-reportable issues.

FUNDAMENTALS

If you follow the principles below when reporting a security issue to TERAGARDEN LTD, we will not initiate legal action or enforcement investigations against you in response to your report. This is provided that your actions remain compliant with the Computer Misuse Act 1990, the UK GDPR, and all other applicable UK laws.

We ask that you give us reasonable time to review and fix the issue before disclosing it publicly or sharing it with others.

You do not interact with or access private accounts without the account owner's consent.

You make a good-faith effort to avoid privacy violations, service disruptions, or data destruction.

You do not exploit the issue for any reason, including to demonstrate further risks or access sensitive data.

You comply with all applicable UK laws and regulations, including but not limited to the Computer Misuse Act 1990 and the Data Protection Act 2018.

BOUNTY PROGRAMME

We recognise and reward security researchers who help protect our platform by reporting vulnerabilities. Bounties are awarded at TERAGARDEN LTD's discretion, based on risk, impact, and report quality.

To potentially qualify for a bounty, you must:

Follow the fundamentals listed above.

Report a valid security bug that poses a risk to privacy or security.

Submit your report through our security centre — please do not contact employees directly.

Disclose any accidental privacy violations or disruptions in your report.

Understand that whilst we investigate all valid reports, priority is based on risk. A response may take some time.

Agree that we reserve the right to publish submitted reports.

REWARDS

Rewards are based on the impact and severity of the vulnerability. Please provide detailed and reproducible steps in your report. If the issue cannot be reproduced, it is not eligible for a bounty.

The first valid report of an issue receives the bounty.

Multiple bugs caused by a single underlying issue are treated as one report.

We assess rewards based on impact, exploitability, and report quality.

MAXIMUM REWARD AMOUNTS

Critical Severity – £200
Includes major issues like:

Remote Code Execution

Remote Shell or Command Execution

Vertical Authentication Bypass

SQL Injection that leaks targeted data

Full account access

High Severity – £100
Includes issues such as:

Lateral authentication bypass

Disclosure of sensitive internal data

Stored XSS affecting other users

Local file inclusion

Insecure handling of authentication cookies

Medium Severity – £50
Examples include:

Logic or business process flaws

Insecure object references

Low Severity – Recognition Only
Examples include:

Open redirects

Reflected XSS

Low-sensitivity information leaks

CONTACT INFORMATION

📍 Address: 6 Dunlop Way, Birmingham B35 7AR

Phone: +44 07916 630593

Email: Contact@teragarden.com

🕐 Business Hours

Mon – Sat:  9:00 AM – 10:00 PM

Sunday:  Closed