#Responsible Disclosure Policy

Introduction

Vosyn AI (“Vosyn”, “we”, “our”) takes the security of our systems, platform, and users seriously.

We welcome security researchers and members of the community to responsibly disclose vulnerabilities so we can address them promptly and safely.

Scope

This policy applies to security vulnerabilities discovered in:

  • https://invest.vosyn.ai
  • Any subdomains operated by Vosyn AI
  • Publicly accessible services owned and controlled by Vosyn AI

 

How to Report a Vulnerability

If you believe you have discovered a security vulnerability, please report it as soon as possible.

Please include the following information:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • Affected URLs, endpoints, or systems
  • Proof of concept (if available)
  • Any potential impact you have identified

 

Reporting channels:

Email: cybersecurity@vosyn.ai

Web page: https://vosyn.ai/.well-known/security.txt

Our Commitment

If you follow this policy, Vosyn AI commits to:

  • Acknowledge receipt of your report within 5 business days
  • Investigate and validate reported issues in a timely manner
  • Keep you informed of progress when appropriate
  • Not pursue legal action against you for good-faith security research conducted under this policy

 

Researcher Guidelines

We ask that you:

  • Act in good faith and avoid violating user privacy
  • Do not access, modify, or delete data that does not belong to you
  • Limit testing to what is necessary to demonstrate the issue
  • Avoid service disruption, including denial-of-service testing
  • Allow reasonable time for remediation before public disclosure

 

Out of Scope

The following activities are not permitted under this policy:

  • Denial of Service (DoS or DDoS) attacks
  • Social engineering or phishing attacks
  • Physical security testing
  • Testing of third-party services not operated by Vosyn AI

 

Legal Safe Harbor

Vosyn AI considers security research conducted in accordance with this policy to be authorized.

We will not initiate legal action for accidental, good-faith violations that occur while adhering to this policy.