Skip to main content

Responsible Disclosure

Hey there, security enthusiasts! At simen.ai, we’re absolutely passionate about keeping our users’ data safe and sound. We love hearing from our amazing community when you spot something that might need our attention - you’re our security superheroes!

How to report an issue

Found something interesting that’s in-scope? Awesome! Here’s how you can let us know:

Email Report

Drop us a line at hi@simen.ai with all the juicy details!

GitHub Issue

Head over to our dedicated security playground: simen-ai/simen-bug and create an issue there!

Required Information

For either method, we’d love to see:
1

Summary

A clear summary of what you found and why it matters
2

Reproduction Steps

Step-by-step instructions to reproduce the issue (screenshots are your friend!)
3

Environment Details

Your environment details - OS, browser, device, the whole shebang!
4

Proof of Concept

If you’re feeling fancy, some proof-of-concept code would be amazing!
Once we get your report, our security team will jump into action! We’ll keep you in the loop about our progress and might ping you for more details if needed.

Rewards & Recognition

And here’s the fun part - we absolutely believe in rewarding awesome work! If your finding has a CVSS score of 4 or higher and it’s something we haven’t seen before, you’re guaranteed some sweet financial compensation! 💰
For all other original reports, we’ll definitely consider them, and rewards could range from getting featured on our security hall of fame to cold hard cash!

Scope

What’s fair game? ✅

Main Website

https://simen.ai

Case Platform

https://case.simen.ai

API Services

https://api.simen.ai

Mobile & Extensions

simen.ai mobile apps and browser extensions

What’s off-limits? ❌

The following activities are strictly prohibited and will not be eligible for rewards:
  • Automated scanning tools (let’s keep it personal!)
  • Brute force attacks (we like finesse!)
  • Social engineering our lovely team members
  • Attacks requiring physical access to someone’s device
  • DDOS attacks (please don’t break our stuff!)
  • Denial of service attacks (we need to stay online!)
  • Clickjacking on boring pages with no sensitive stuff
  • Theoretical attacks that can’t actually be exploited

Guidelines

Please follow these important guidelines when testing:
1

Test Responsibly

Please test on your own account first! If you need to test on someone else’s, make sure you have their explicit permission
2

Respect Data

Don’t copy or mess with our production data - we need that stuff!
3

Maintain Service

Keep our services running smoothly - no breaking things please!
4

Follow Policies

Stay within the bounds of our privacy policies and terms (boring but important!)
5

Responsible Disclosure

Keep your discovery under wraps until you’ve told us and we’ve had time to fix it - we promise we’ll work fast!
Happy hacking! 💚