Vulnerability Disclosure Policy

At Razz Production US, we take the security of our community and the integrity of VTuber society seriously. We appreciate the efforts of security researchers who help us maintain a safe environment.

Reporting a Vulnerability

If you believe you have found a security vulnerability in our website (us.razz.jp) or services, please report it to us as soon as possible.

  • Contact: hashimoto@betinc.jp or tech.razz@betinc.jp
  • Required Information:
    • A detailed description of the vulnerability.
    • Steps to reproduce the issue (Proof of Concept).
    • Potential impact of the vulnerability.

Our Commitments

If you follow this policy when reporting an issue to us, we commit to:

  • Acknowledge receipt of your report within 2 business days.
  • Investigate and take appropriate action to resolve the issue.
  • Not take legal action against you for your research, provided you comply with the guidelines below.

Guidelines & Rules (Safe Harbor)

To encourage responsible disclosure, we ask that you:

  • Do not perform any actions that could harm our users, data, or services (e.g., Spam, Brute Force, DoS/DDoS).
  • Do not attempt to access or modify data that does not belong to you.
  • Do not disclose the vulnerability to the public or any third party until we have resolved the issue (Coordinated Disclosure).
  • Avoid privacy violations and social engineering against our employees or users.

Recognition & Swag (Hall of Fame)

While we do not currently offer a monetary bug bounty program, we truly value the time and effort researchers invest in our security.

For valid, significant, and responsibly disclosed vulnerability reports, we will be happy to offer:

  • Hall of Fame: Recognition of your contribution on our official website.
  • Razz Swag Pack: We would love to send you a token of our appreciation, which may include Razz Production Official Stickers and a selection of Japanese Snacks.

Note: Shipping availability may vary depending on your location. We will coordinate with you via email once the vulnerability is resolved.

Last Updated: January 15th, 2026

Go back home