Security
Security at OrbVPN
Security is our foundation. Learn about our practices, report vulnerabilities, and earn rewards through our bug bounty program.
Our Security Practices
End-to-End Encryption
All data encrypted with AES-256-GCM and post-quantum algorithms
Zero-Knowledge Architecture
We cannot access your data even if compelled to
Regular Audits
Regular security assessments and code reviews
Transparent Practices
Committed to transparency in our security practices
Bug Bounty Program
Help us find and fix security vulnerabilities. Earn up to $25,000 for critical findings.
Critical
$5,000 - $25,000
- • Remote code execution
- • Authentication bypass
- • Data breach vulnerabilities
High
$1,000 - $5,000
- • Privilege escalation
- • Sensitive data exposure
- • SQL injection
Medium
$250 - $1,000
- • XSS vulnerabilities
- • CSRF attacks
- • Information disclosure
Low
$50 - $250
- • Minor information leaks
- • Configuration issues
- • Low-impact bugs
Program Scope
In Scope
- OrbVPN client applications (all platforms)
- OrbVPN API and backend services
- OrbGuard security suite
- orbvpn.com and subdomains
Out of Scope
- Third-party services and integrations
- Social engineering attacks
- Physical attacks on infrastructure
- Denial of service attacks
Program Rules
- 1Provide detailed reports with steps to reproduce
- 2Give us reasonable time to fix before disclosure (90 days)
- 3Don't access or modify data belonging to other users
- 4Don't perform attacks that could harm our infrastructure or users
- 5One vulnerability per report
- 6First reporter of a valid issue receives the reward
Hall of Fame
Recognizing the security researchers who help keep OrbVPN safe.
No entries yet. Be the first to find a qualifying vulnerability.
Report a Vulnerability
Found a security issue? Report it to our security team. We respond within 24 hours.
Email: security@orbvpn.com
PGP Key: Download