Security Vulnerability Disclosure & Bug Bounty Policy

If you have discovered a security vulnerability on Sathorn Garden, we encourage you to report it to us immediately. We take all legitimate security reports seriously and aim to address issues as quickly as possible.

Before submitting a report, please review this policy, including our reporting fundamentals, reward guidelines, and non-eligible issues.

Fundamentals

If you follow the principles below when reporting a security issue to Sathorn Garden, we will not initiate legal action against you in response to your report.

We ask that you:

Provide reasonable time for us to investigate and resolve the issue before public disclosure.
Do not access or interact with accounts without the owner’s permission.
Avoid privacy violations, data destruction, or service disruption.
Do not exploit the vulnerability beyond what is necessary to demonstrate the issue.
Comply with all applicable laws and regulations.

Bug Bounty Program

We value security researchers who help protect our platform. Eligible reports may qualify for a bounty based on severity, impact, and report quality.

All bounty decisions are made at the discretion of Sathorn Garden.

To be eligible for a reward, you must:

Follow the fundamentals listed above.
Report a valid security vulnerability that impacts privacy or system security.
Provide clear, reproducible steps to demonstrate the issue.
Submit reports through our official contact channels (do not contact employees directly).