Report Security Issue
(operated by THE TRANSPORTER PTY LTD)
We care deeply about the safety of our customers and the resilience of our services. If you’ve discovered a potential security issue, we invite you to share it with us responsibly so we can remediate it promptly.
We review all good-faith reports and work to address confirmed issues as quickly as we reasonably can.
1) Safe Harbor (Good-Faith Research)
To encourage responsible research, we will not pursue legal action or initiate law-enforcement referrals for your report provided that you:
- Allow reasonable remediation time before any public disclosure.
- Do not access, alter, or exfiltrate data that isn’t yours. If you inadvertently access non-public data, stop immediately and report what you saw.
- Act to avoid harm: no privacy violations, service degradation, or data destruction.
- Do not exploit the vulnerability (including for personal gain or to escalate impact).
- Comply with applicable laws and regulations during testing.
2) Reporting a Vulnerability
Please email security findings to: Support@Gtbike.zone
To help us validate and fix issues faster, include:
- Issue summary and affected domain/endpoint/page.
- Clear reproduction steps, including required preconditions.
- Proof-of-concept (screenshots, minimal payloads, short video, or code snippets).
- Impact assessment: what an attacker could achieve, and suggested mitigation if you have one.
We investigate all valid submissions. Triage is prioritized by risk and impact, so response times may vary.
3) Bug Bounty Overview
We offer discretionary monetary rewards for submissions that materially improve user security. Award decisions consider severity, exploitability, real-world impact, and report quality.
Program rules:
- You must follow the Safe Harbor principles above.
- Duplicates: when multiple reports cover the same root issue, we reward the first reproducible submission we receive.
- Root cause: multiple variants caused by one underlying flaw generally receive a single bounty.
- We may publish resolved reports (with appropriate credit) after fixes are deployed.
4) Reward Tiers (Maximums)
Amounts below are maximums; actual awards are discretionary and depend on impact and report quality.
Critical Severity — up to AUD $200
Definition: Flaws that enable remote code execution, financial theft, or privilege escalation to administrative control.
Examples: RCE, SQL injection leading to database takeover, full access to other users’ accounts.
High Severity — up to AUD $100
Definition: Issues that severely undermine platform security or expose sensitive data.
Examples: Stored XSS with session takeover potential, IDOR exposing significant user data, disclosure of sensitive company information.
Medium Severity — up to AUD $50
Definition: Vulnerabilities affecting multiple users and typically requiring some user interaction.
Examples: Common logic flaws, reflected XSS.
Low Severity — discretionary / may be ineligible
Definition: Issues with limited impact, significant prerequisites, or minimal security risk.
Examples: Open redirects, minor information disclosures with low sensitivity.
5) Out-of-Scope Findings
The following are not eligible for bounty consideration:
- DoS/DDoS or volumetric rate-limit tests.
- Social engineering or phishing of staff or customers.
- Physical attacks on offices, warehouses, or data centers.
- Automated scanner output without a working proof-of-concept.
- Missing security headers (e.g., CSP, HSTS) without a direct, exploitable impact.
- Self-XSS that cannot be used to affect other users.
6) Contact
Security inquiries and reports:
Email: Support@Gtbike.zone
Phone: +61 482 084 620