Program Terms and Conditions

• If you’re able to gain access to an account, system, user, or data, stop at the point of identification and report. Do not dive deeper to assess how much more is accessible.
• Show that you could exploit a vulnerability, but do not actually exploit the vulnerability or harm April or any of our users, partners, shareholders, or employees.
• Do not engage in disruptive testing like DoS or any action that could impact our users or the confidentiality, availability, or integrity of our data, information, or systems.
• Do not engage in social engineering or phishing of users or employees.
• Do not access, modify, copy, download, delete, compromise, or otherwise misuse others’ data; access non-public information without authorization; degrade, interrupt or deny services to our users; and/or incur loss of funds that are not your own.
• Adhere to the laws of your location and April’s location. You’re prohibited from participating in the program if you’re a resident of any U.S.-embargoed jurisdiction, including but not limited to Iran, North Korea, Cuba, the Crimea region, and Syria; or if you’re on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Department of Commerce Denied Person’s List or Entity List. By participating in the program, you represent and warrant that you’re not located in any such country or on any such list, and that you are 18 years of age or older.
• Do not use the existence of a potential vulnerability to make threats, extortion demands, or ransom requests.
• By submitting a report to April, you agree that you may not publicly disclose your findings or the contents of your report to any third parties without April’s prior written approval.
• Engage in vulnerability testing only within the scope of our responsible disclosure program.