Submit Security Vulnerability

*A Gmail account is required to submit a vulnerability

Bug Bounty Program

Welcome to Groww's Bug Bounty Program! We highly appreciate your efforts in helping us identify and address security vulnerabilities in our platform. Your involvement in this program actively helps in creating a more secure environment for every user on Groww.

Reporting Security Vulnerabilities

If you have discovered a potential security vulnerability, we encourage you to report it to us promptly. We take all reports seriously and will investigate and address any valid findings.

Rewards

Our security team assesses the severity of each reported vulnerability, issue, or bug individually to decide the appropriate reward. For exceptionally unique and challenging-to-find vulnerabilities, we may offer higher rewards than the minimum bounty amount. On the other hand, issues that have complex requirements and a lower risk of impacting our platforms, or that align with best practices, might receive comparatively lower rewards.

Severity    Minimum Bounty Amount
Low         $100
Medium      $250
High        $500
Critical    $1000

How to report a bug

  1. Visit our bug bounty submission page: security.groww.in and click on Report a Vulnerability
  2. Fill out the necessary details, including a detailed description of the vulnerability, steps to reproduce it, and any supporting evidence, then submit the issue.
  3. Upon submitting the issue, a confirmation email will be sent to claim the submission and begin the bug triage process.
  4. Our security team will review your submission and get back to you if additional information is required.
  5. We aim to provide a timely response and keep you informed about the progress of the investigation.

Targets In-scope


    ✅ groww.in
    ✅ Groww Android Application
    ✅ Groww iOS Application
    ✅ *.groww.in
    

In-scope vulnerability examples

Our bug bounty program covers security vulnerabilities found on the Groww platform, including but not limited to:

Targets Out of Scope


    🚫 growwerp.groww.in
    🚫 tech.groww.in
    🚫 digest.groww.in
    🚫 smallcases.groww.in
    🚫 smallcases-release.groww.in
    

Out of Scope vulnerability examples -

Guidelines and Rules

To ensure a successful bug bounty program, we kindly request that you adhere to the following guidelines and rules:

While we appreciate your participation, it is essential to respect and comply with all applicable laws and regulations. We will not take any legal action against security researchers who act responsibly and in good faith during their participation in the bug bounty program.

However, any unauthorised actions or attempts to exploit vulnerabilities beyond the defined scope will be handled according to the law.

Contact Us

If you have any questions or need further clarification regarding our bug bounty program, please reach out to our security team at [email protected].

Submissions are eligible for validation only when they are submitted through our official bug bounty platform. Any submissions via email or alternative communication sources will not be considered.

Happy bug hunting!