
Sometimes people and companies have their heads stuck so far in procedures and policies that they can't see the forests from the trees.

The Finder provided tremendous value by discovering this issue and reporting it responsibly. He certainly should be rewarded with something more substantial than swag.

Would Prezi have preferred that the Finder just not report this issue?



It's not like they got him on some legalistic technicality. The bug bounty clearly doesn't cover the bug he reported.

And I don't usually go looking for them, but if I come across a security problem (e.g. someone left login credentials unsecured in bitbucket) I would let them know because it's the right thing to do, not because I expect cash.


It's not a technicality, but you're just saying "well, that's the policy" without considering whether the policy is the best way to accomplish certain goals. That's the point.



