Responsible Disclosure Policy 
Last updated November 19th 2025



1. Overview

We take the security and privacy of our users and their data seriously. Our mission is to deliver innovative healthcare solutions built on trust, transparency, and protection of sensitive information.

If you believe you’ve found a security vulnerability or weakness in our systems, we want to hear from you. This page outlines how to report it responsibly and what you can expect from us in return.


2. Reporting a Vulnerability

If you discover a potential security issue, please email our security team at security@gobloominghealth.com or submit it through our Bug Bounty Submission Form.


Please include:

  • A clear description of the issue and where it was found

  • Steps to reproduce the vulnerability

  • Any supporting details (screenshots, logs, or proof-of-concept code, if applicable)


Do not include any personal health information (PHI), patient records, or other sensitive data in your report.



3. Guidelines for Responsible Disclosure

To protect our users and systems, please follow these principles:

  1. Do not exploit or misuse the vulnerability — e.g., accessing, modifying, or deleting data.

  2. Avoid privacy violations — never access or share PHI or other sensitive information.

  3. Give us reasonable time to fix the issue before publicly disclosing it.

  4. Operate in good faith — act to improve security, not to harm users or services.


4. Bug Bounty Program

We appreciate responsible research and reward valid, impactful findings through our Bug Bounty Program.


Rewards are based on severity, scope, and quality of the report, typically following CVSS (Common Vulnerability Scoring System) guidelines.


Severity | Example | Typical Reward
Critical | Authentication bypass, PHI exposure | $1,000+
High | Privilege escalation, data access issues | $500–$1,000
Medium | Input validation, limited data exposure | $200–$500
Low | UI bugs, non-exploitable findings | Acknowledgment


Rewards are discretionary and may vary based on impact and reproducibility.

5. Our Commitment

When you submit a report, you can expect:

  • Acknowledgment within 5 business days

  • Progress updates as we validate and remediate the issue

  • Public acknowledgment in our Security Hall of Fame (if you’d like credit)

  • Payment of eligible bounties once verification is complete



6. Out of Scope


The following are not eligible for rewards:

  • Social engineering or phishing attacks against employees

  • Physical security findings

  • Denial of Service (DoS) or spam-related tests

  • Reports involving third-party vendors or services we don’t control

  • Missing security headers, low-impact clickjacking, or outdated browser warnings


7. Legal Safe Harbor


We will not pursue legal action against researchers who:

  • Follow this policy in good faith

  • Avoid violating privacy, data, and HIPAA regulations

  • Do not intentionally harm or disrupt our services

By responsibly disclosing vulnerabilities, you help protect healthcare data and make our ecosystem safer for everyone. We appreciate your partnership in building a secure future for digital health.



CONTACT US

If you have any questions or concerns about our Terms or the BH privacy and security practices, please contact: security@gobloominghealth.com

Learn more
about us

Stay informed

Keep in touch with Blooming Health, and discover how innovative approaches in social health engagement are breaking barriers and fostering stronger connections within communities.

Blooming Health empowers organizations to seamlessly connect with their communities through a powerful AI-assisted engagement platform, ensuring every message is personalized and effectively delivered, regardless of age, communication method, or language.

Contact

info@gobloominghealth.com

287 Park Ave S, Office 432, New York, NY 10010

Copyright © 2024. All rights reserved to Blooming Health
