Vulnerability Disclosure Program
At Autoplay.ai, the security and privacy of our users, customers, and systems are top priorities. We greatly appreciate the work of security researchers and welcome reports of potential vulnerabilities through our responsible disclosure process.
If you believe you’ve found a security issue in our products or infrastructure, we encourage you to report it responsibly.
Responsible Disclosure Guidelines
To promote a secure and respectful environment, we ask researchers to:
- Report vulnerabilities privately and promptly to our security team.
- Avoid data destruction, service disruption, or accessing personal user data.
- Refrain from social engineering, phishing, spam, or physical attacks.
- Allow us a reasonable time to investigate and fix the issue before any public disclosure.
We are committed to responding quickly and keeping you informed throughout the remediation process.
Scope
We are currently accepting vulnerability reports for:
- All services under *.autoplay.ai
- Our public API endpoints
- Frontend and backend apps maintained by Autoplay.ai
Out of Scope (for now):
- Denial-of-Service (DoS/DDoS) attacks
- SPF/DMARC/DNS configuration suggestions
- Clickjacking on pages without sensitive actions
- Third-party services not operated by Autoplay.ai
How to Report
Please send your findings to:
Include as much detail as possible to help us triage the issue quickly:
- URL or system affected
- Vulnerability type
- Steps to reproduce
- Proof of concept (if available)
- Your contact information (optional)
Safe Harbor
We pledge not to pursue legal action against individuals who:
- Engage in good faith security research consistent with this policy
- Report vulnerabilities promptly and confidentially
- Avoid harming Autoplay.ai users, systems, or data
Your efforts to help keep our platform safe are genuinely appreciated.