#Responsible Disclosure Policy
Introduction
Vosyn AI (“Vosyn”, “we”, “our”) takes the security of our systems, platform, and users seriously.
We welcome security researchers and members of the community to responsibly disclose vulnerabilities so we can address them promptly and safely.
Scope
This policy applies to security vulnerabilities discovered in:
Any subdomains operated by Vosyn AI
Publicly accessible services owned and controlled by Vosyn AI
How to Report a Vulnerability
If you believe you have discovered a security vulnerability, please report it as soon as possible.
Please include the following information:
A description of the vulnerability
Steps to reproduce the issue
Affected URLs, endpoints, or systems
Proof of concept (if available)
Any potential impact you have identified
Reporting channels:
Email: cybersecurity@vosyn.ai
Web page: https://vosyn.ai/.well-known/security.txt
Our Commitment
If you follow this policy, Vosyn AI commits to:
Acknowledge receipt of your report within 5 business days
Investigate and validate reported issues in a timely manner
Keep you informed of progress when appropriate
Not pursue legal action against you for good-faith security research conducted under this policy
Researcher Guidelines
We ask that you:
Act in good faith and avoid violating user privacy
Do not access, modify, or delete data that does not belong to you
Limit testing to what is necessary to demonstrate the issue
Avoid service disruption, including denial-of-service testing
Allow reasonable time for remediation before public disclosure
Out of Scope
The following activities are not permitted under this policy:
Denial of Service (DoS or DDoS) attacks
Social engineering or phishing attacks
Physical security testing
Testing of third-party services not operated by Vosyn AI
Legal Safe Harbor
Vosyn AI considers security research conducted in accordance with this policy to be authorized.
We will not initiate legal action for accidental, good-faith violations that occur while adhering to this policy.
