Responsible Disclosure Policy
At Startuped.AI, we take the security of our users’ data and systems seriously. We welcome and encourage responsible security researchers to report any potential vulnerabilities they discover in a way that protects our users and maintains the integrity of our services.
How to Report a Vulnerability
If you identify a potential vulnerability or security issue, please contact us at mail@startuped.ai. Include detailed information so we can reproduce and evaluate the issue quickly:
- A description of the vulnerability and potential impact
- Steps to reproduce the issue (if applicable)
- Any proof-of-concept code or screenshots
- Your contact information for follow-up
Rules of Engagement
To protect our users and systems, we ask that researchers:
- Do not perform denial-of-service (DoS or DDoS) attacks
- Do not access, modify, or delete customer data
- Do not exploit vulnerabilities beyond what is necessary to prove their existence
- Do not publicly disclose vulnerabilities before we’ve addressed them
Following these guidelines helps ensure user safety and allows us to collaborate productively with the research community.
Safe Harbor
We appreciate and value the contributions of ethical security researchers. If you make a good-faith effort to comply with this policy, we will not pursue legal action against you or your organization.
Actions taken under this policy are considered authorized for the purpose of applicable computer misuse and anti-hacking laws, provided they are consistent with responsible disclosure principles.
Recognition & Bug Bounty
While we don’t currently offer a formal bug bounty program, we may recognize significant contributions publicly and explore future reward opportunities. Responsible disclosure helps keep our platform secure for everyone.