Bug Reporting & Security Disclosure

It is important to understand that this is strictly not a bug bounty program. While we value and appreciate responsible reports, there are no rewards, incentives, or monetary payouts of any kind associated with reporting bugs or vulnerabilities.

By sending a report, you acknowledge that you are doing so voluntarily, without any expectation of compensation or recognition.

Jiroshi is currently an MVP (Minimum Viable Product) and not a full-fledged, production-grade platform yet.

This means our primary focus is on validating the core experience and critical flows. As a result, minor issues, cosmetic bugs, or smaller edge cases may be intentionally deprioritized or not addressed immediately.

We will prioritise fixing issues that:

• Impact core functionality or prevent normal usage of the product.
• Pose a reasonable security risk or data integrity concern.
• Cause significant confusion or break critical user journeys.

Simpler bugs that can be reasonably overlooked at this MVP stage may not be fixed right away, even if reported. This is a deliberate product decision while we evolve the platform.

Jiroshi is an MVP. The product has not yet been fully validated in the market, and we are not inviting or authorizing proactive security assessments at this stage.

We do not authorize penetration testing, vulnerability scanning, automated security probes, or any form of active security testing against our systems, APIs, or infrastructure unless we have explicitly agreed in writing beforehand.

If you run such tests without our prior written consent, you may be in violation of applicable law and our Terms of Service. We reserve the right to take appropriate action, including blocking access and pursuing legal remedies.

Once the product is validated and we are ready for formal security reviews, we may publish clear guidelines and, where appropriate, invite authorized testing. Until then, we ask that you limit your interaction to normal use and report only what you discover in that context.