Our Commitment to Researchers

• We will treat researchers in a professional manner
• We will respond without undue delay and maintain good lines of communication with researchers until vulnerabilities are mitigated
• We will adhere to the principle of good faith and repair or alleviate the problems discovered by researchers within an appropriate time frame

We ask you to

• Please report the issues you have identified clearly and completely, and help us reproduce the problem
• Before sharing or publicly disclosing any reports with third parties, please provide us with reasonable time to resolve such issues.
• Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
• If a vulnerability is identified or any sensitive data is encountered, you must stop testing, notify us immediately, and not disclose this data to anyone else.

Scope

• This policy applies to any digital assets owned, operated, or maintained by AiDot, including public facing websites.

Reporting a vulnerability

• If you discover any vulnerabilities in our system or related products, please email us as soon as possible（ security@aidot.com ）Report to us and provide sufficient detailed information so that we can reproduce your steps.

Please provide as much detail as possible, including:

• details of the potential vulnerability
• the product/service which may be impacted
• your contact details

What happens next

1. Reply

   reply to your report within 5 working days, including determining the severity and scope of the vulnerability

2. Progress

   keep you informed of our progress

3. Disclosure Date

   agree upon a date for public disclosure

4. Repair Process

   determine rewards and distribute them based on the vulnerability level, exploitation difficulty，impact range, and the help you provided us during the vulnerability repair process