Responsible Vulnerability Disclosure
SinfulX AI takes security seriously. We appreciate the security research community's efforts
to help us maintain a secure platform for our users.
Scope
This policy covers vulnerabilities in:
- https://sinfulx.ai and all subdomains
- Mobile applications (if applicable)
- API endpoints
- Any other services operated by SinfulX AI
Reporting Guidelines
When reporting vulnerabilities, please include:
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any proof-of-concept code (if safe to share)
- Screenshots or videos demonstrating the issue
- Your contact information for follow-up
Contact Information
Response Timeline
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 5 business days
- Status Updates: Weekly until resolution
- Resolution: Based on severity (Critical: 7 days, High: 30 days, Medium: 90 days)
Safe Harbor
We will not pursue legal action against security researchers who:
- Follow this disclosure policy
- Avoid privacy violations and data destruction
- Use only the minimum amount of data necessary to demonstrate the vulnerability
- Do not attempt to access or modify other users' data
- Do not perform actions that could negatively affect our users or services
Out of Scope
The following issues are considered out of scope:
- Social engineering attacks
- Physical attacks against our facilities or employees
- Denial of Service (DoS) attacks
- Issues in third-party applications or services
- Spam or social media account attacks
- Issues requiring physical access to a user's device
Recognition
Security researchers who follow this policy and report valid vulnerabilities will be acknowledged
on our Security Acknowledgments page (with permission).