Reviews 4,000+ Verified REVIEWS
Services
Tax Guide
WhatsApp
Services
Tax Guide
Articles
All articles

Report a Security or Privacy Vulnerability

TFX's Bug Bounty Policy applies to security vulnerabilities found within TFX's public-facing online environment.

Purpose

The purpose of the Policy is to establish the rules for review, evaluation, application, and verification of system updates to mitigate vulnerabilities in the IT environment and the risks associated with them. If you believe you have discovered a security or privacy vulnerability in TFX, please report it to us.

Disabling Cookies

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of the this site. Therefore it is recommended that you do not disable cookies.

Bounty Eligibility

Any security researcher is required not to take any destructive action that could result in:

  • Loss of data from other users
  • Denial of Service for other users
  • Add to any Block List

In case you suspect that a vulnerability of this kind exists, please contact TFX at security@tfx.tax.

Program Rules

Fees are paid for original reports only. In case of a duplicate, we will inform you when the first report was registered.

Ineligible Reports:

  • Everything that is not under our control (third-party services)
  • Everything that requires physical access to device or network
  • Everything that requires outdated versions of software or hardware
  • Social engineering, phishing etc.
  • Recommendations and best practices, as long as there is no specific exploit

How to Report Security or Privacy Vulnerabilities?

  1. If you believe you have discovered a security or privacy vulnerability that affects TFX services, or web servers, contact us.
  2. We welcome reports from everyone, including security researchers, developers, and customers.
  3. To report a security or privacy vulnerability, send an email to security@tfx.tax and include relevant videos, crash logs, and system diagnosis reports in your message.
  4. You’ll receive a reply from TFX to acknowledge that we received your report. We’ll contact you if we need more information.