Leanpub is a bootstrapped startup, so we do not have the funds for a bug
bounty program, sorry - we don't provide any rewards, either in the form of money, or in the form of corporate swag, or appreciation letters, etc.

Responsible private disclosure of potential security vulnerabilities is greatly
appreciated however, and can be disclosed by emailing hello@leanpub.com.

Did this answer your question?