Get Ready To: fsociety00.dat / Hack Us / Protect Us / Join the hacker

We know you like poking around. That’s cool, so do we.
This page is our playground rules for security research. Follow them, and you’ll be part of the crew. Break them, and… well, let’s just say you won’t make the Hall of Fame.


Hack US

If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized, we will work with you to understand and resolve the issue quickly, and we will not recommend or pursue legal action related to your research.

 

What You Can Play With

Test our website, APIs, and apps. These are your playground: poke around, break things (responsibly).

Think you found a hole? Show us how deep it goes…

Hacker Code of Honor

No stealing data, no nuking servers, no messing with accounts you don’t own. Keep it clean, keep it fun.

Simple Process

Follow the code, earn eternal glory.

Hall of Fame Awaits

We don’t pay cash (yet), but we celebrate heroes. Land a valid bug and your name shines forever.

Variety of Currencies

Hack with honor. Get immortalized.

Under this policy

Our Special Guidelines

Notify Us Quickly

Found a bug? Don’t sit on it; tell us as soon as possible.

Notify us as soon as possible after you discover a real or potential security issue.

Respect the System

No privacy violations, no breaking data, no wrecking user experience. Keep it clean.

Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.

Confirm, Don’t Compromise

Use exploits only to prove the bug exists; don’t go full villain.

Only use exploits to the extent necessary to confirm a vulnerability’s presence. Do not use an exploit to compromise or exfiltrate data, establish command line access and/or persistence, or use the exploit to “pivot” to other systems.

Share Responsibly

Give us time to fix before going public. Anonymous reports welcome, but quality matters.

Once you’ve found a vulnerability or encounter any sensitive data (including personally identifiable information, financial information, or proprietary information or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else.

Once you’ve established that a vulnerability exists or encounter any sensitive data (including personally identifiable information, financial information, or proprietary information or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else.

Out of Scope

  • DoS/DDoS attacks

    Network denial of service (DoS or DDoS) tests or other tests that impair access to or damage a system or data

  • Social engineering

    Social engineering (e.g. phishing, vishing), or any other non-technical vulnerability testing

  • Third‑party services

    Tests of third-party applications, websites, or services that integrate with or link to or from our systems

  • User devices

    Physical testing (e.g. office access, open doors, tailgating)

Reporting a Vulnerability

We accept vulnerability reports at support@therapy-vr.com. Reports may be submitted anonymously. We support PGP-encrypted emails.

Information submitted under this policy will be used for defensive purposes only – to mitigate or remediate vulnerabilities. If your findings include newly discovered vulnerabilities that affect all users of a product or service and not solely Therapy VR, we may share your report with the Cybersecurity and Infrastructure Security Agency, where it will be handled under their coordinated vulnerability disclosure process. We will not share your name or contact information without express permission.

In order to help us triage and prioritize submissions, we recommend that your reports:

  • Adhere to all legal terms and conditions outlined on this page and in our Responsible Disclosure Terms of Service.
  • Describe the vulnerability, where it was discovered, and the potential impact of exploitation.
  • Offer a detailed description of the steps needed to reproduce the vulnerability (proof of concept scripts or screenshots are helpful).
  • Be in English, if possible.

Therapy VR is committed to timely correction of vulnerabilities. However, we recognize that public disclosure of a vulnerability in the absence of a readily available corrective action likely increases rather than decreases risk. We may share vulnerability reports with the Cybersecurity and Infrastructure Security Agency (CISA), as well as any affected vendors. We will not share names or contact data of security researchers unless given explicit permission.

When you choose to share your contact information with us, we commit to coordinating with you as openly and as quickly as possible.

  • Within 3 business days, we will acknowledge that your report has been received.
  • To the best of our ability, we will confirm the existence of the vulnerability to you and be as transparent as possible about what steps we are taking during the remediation process, including on issues or challenges that may delay resolution.
  • We will maintain an open dialogue to discuss issues.
  • Celebrate hackers who helped secure Therapy VR.

  • Add names, handles, or fun hacker aliases.