SimplAI Responsible Disclosure Program

Help us keep SimplAI secure by responsibly disclosing security vulnerabilities

Introduction
At SimplAI, we take the security and reliability of our products seriously. We are dedicated to protecting user data and maintaining trust by adhering to modern security best practices. While we actively monitor and test our platforms, we appreciate the contribution of security researchers who help us identify potential vulnerabilities. Our goal is to maintain a secure environment, and we invite ethical disclosures that support this mission.
Responsible Disclosure Guidelines
To ensure your submission is eligible for recognition, please follow these rules:
  • Disclose findings only to SimplAI. Do not share details with any third party or public platform until resolved and approved by SimplAI.
  • Reports must contain reproducible steps, technical analysis, proof of concept (screenshots, videos, or scripts), and a clear explanation of the security impact.
  • First valid report wins—duplicate reports will not be considered.
  • SimplAI retains full discretion on determining the eligibility, severity, and response.
  • Submitting a report indicates your agreement to the terms of this policy.
  • Stay within scope and avoid unauthorized access, service disruption, or violation of user privacy.
  • Do not exploit the vulnerability beyond confirmation.
  • Stop testing immediately upon discovering sensitive data or unauthorized access and report it.
  • Maintain confidentiality of the report until SimplAI authorizes public disclosure.
  • Reporters must not attempt to compromise, extract, or manipulate data, gain shell or command-line access, establish persistence, or leverage the vulnerability to access other systems or environments.
  • All decisions made by SimplAI’s security team regarding the validity, severity, and impact of a reported vulnerability shall be deemed final and are not subject to appeal.
  • SimplAI retains exclusive authority to assess the eligibility of submissions and determine the severity level and any associated recognition or reward.
In Scope
The following domains and systems are included in this program:
  • simplai.ai
  • simplai.com
  • simplai.co
  • api.simplai.ai
  • app.simplai.ai
  • dashboard.simplai.ai
  • All official subdomains under *.simplai.ai
Out of Scope
  • Domains and systems not listed above
  • Third-party platforms and integrations
  • Vendor and logistics systems not owned by SimplAI
  • Marketing microsites or sandbox/staging environments
  • Automated tools generating bulk findings without context
  • Automated tools generating bulk traffic
How to Report
Please send reports to [email protected] with the following:
  • Detailed vulnerability description and affected endpoint/location
  • Steps to reproduce the issue with POC code, screenshots, or videos
  • Any associated CVEs or references
  • Contact details (email/phone) for follow-up
Note: Reports consisting only of crash dumps or automated scan results without context may not be processed.
Recognition & Acknowledgment
At present, SimplAI does not offer cash rewards. However, we proudly acknowledge meaningful security contributions with:
  • Public credit in our Hall of Fame (with your consent)
  • Priority follow-ups for future engagements
Hall of Fame Eligibility
Your report may be featured in our Hall of Fame if:
  • You are the first to submit a valid vulnerability
  • The issue has a high or critical security impact
  • The finding is within scope and follows all program rules
Disclaimer: SimplAI reserves the right to modify this policy or scope at any time without prior notice. Unauthorized testing or actions outside the scope may result in legal consequences.