TopK Responsible Disclosure & Bug Bounty Policy

At TopK, the security of our systems and the privacy of our users are top priorities. We appreciate the efforts of security researchers and are committed to working with the community to identify and resolve vulnerabilities quickly and responsibly.

If you believe you've discovered a security vulnerability in any of our systems, please report it to us at security@topk.io or follow the reporting guidelines outlined below.

For information about our security compliance and certifications, please visit our Trust Center to learn about our SOC 2 compliance and other security measures.


Scope

In Scope

The following systems and services are eligible for our bug bounty program:

Out of Scope

The following are not eligible:


How to Submit a Report

Please include the following when reporting:

Send all vulnerability reports to security@topk.io.


Response & Resolution

We acknowledge all reports as soon as possible — usually within a few business days. The timeline for resolution may vary depending on the complexity and severity of the issue.

We will keep you informed throughout the process and notify you once the vulnerability has been addressed.


Rewards

TopK offers monetary rewards for eligible and high-impact findings that are responsibly disclosed in accordance with this policy. Reward amounts are determined at our discretion based on severity, exploitability, and overall impact.


Safe Harbor

We are committed to providing a safe and respectful process for security researchers. We will not pursue legal action against individuals who:


Thank you for helping us keep TopK secure.