Iterate.ai’s Responsible Disclosure

At Iterate.ai, we prioritize the safety and security of our users on the internet. We are dedicated to safeguarding the integrity of our assets, systems, and the confidential information of our customers. In the event of any potential vulnerabilities discovered in any of Iterate.ai's products, systems, or assets, we strongly encourage prompt communication from security researchers.

Please note that Iterate.ai does not offer a bug bounty program and does not provide monetary rewards or other forms of compensation for reported security issues.

Guidelines for Responsible Disclosure:

  • Refrain from any actions that could potentially or actually cause harm to Iterate.ai, our customers, team members, or any other individuals.

  • Avoid activities that could degrade the performance or functionality of Iterate.ai's services or assets.

  • Do not retain, share, modify, or destroy any Iterate.ai data. If you encounter any Confidential, Proprietary, or Personal Data, stop your activities immediately, delete the data from your systems, and contact us right away.

  • Ensure your actions do not violate any local, state, or federal laws.

  • Avoid any fraudulent activities.

  • Maintain confidentiality of any vulnerabilities you discover and refrain from disclosing them to third parties or making them public.

  • If you comply with these guidelines and responsibly report your findings, Iterate.ai commits to not pursuing legal action against you, except where required by law, regulatory authorities, or third parties.

Exclusions from Scope:

  • Issues related to SPF/DKIM/DMARC records.

  • Clickjacking/UI redressing vulnerabilities.

  • Vulnerabilities that affect outdated browsers or platforms.

  • Theoretical risks without a practical proof of concept.

  • Findings from automated vulnerability scanners.

  • Issues related to SSL/TLS cipher suites or protocols.

  • Tab-nabbing and Self-XSS.

  • Content spoofing and mixed content warnings.

  • CSRF with minimal security impact.

  • Missing HTTP security headers.

  • XSS related to HTTP Host/Referer Headers.

  • Inadequate cookie security flags.

  • Content/text injection mitigated by CSP Headers.

  • User enumeration.

  • Phishing attempts.

  • Public file or directory disclosures or internal IP exposures.

  • Reports regarding assets not owned by Iterate.ai.

  • Disclosures of software versions.

How to Report a Security Vulnerability to Iterate.ai

If you've identified a potential security vulnerability in any of Iterate.ai's products, systems, or assets, we highly encourage you to report it to assist in maintaining our digital security.

To report a vulnerability, please follow these steps:

  1. Prepare Your Report: Include details such as the nature of the vulnerability, how it was discovered, its potential impact, and any replicable steps or code.

  2. Secure Communication: Email your findings to security@iterate.ai.

  3. Collaborate With Us: We may reach out for further information. Your cooperation will help expedite the resolution process.

  4. Maintain Confidentiality: Please do not disclose information about the vulnerability until it has been resolved. We respect your confidentiality and expect the same in return to protect our users and systems.

What to Expect from Us:

  • Our team will evaluate your report thoroughly and may contact you for additional details.

  • While we don't offer a monetary reward, we recognize the value of community contributions.

  • We will keep you informed about the status of your reported issue when possible.

Disclaimer: Iterate.ai's security processes and policies are subject to change without prior notice. Any use of the information provided herein is at your own risk. Iterate.ai reserves the right to act against any individual or entity engaging in harmful, malicious, unlawful, offensive, or abusive activities or in violation of any rights.
