सुरक्षा

जिम्मेदार प्रकटीकरण नीति


Camile AI welcomes input from the security research community. We are committed to maintaining the security and privacy of our users' data. If you have identified a security vulnerability in any Camile AI system, we encourage you to report it responsibly so we can address it quickly and protect our users.

Our Commitment

If you follow our Responsible Disclosure Policy, we commit to:

  • Acknowledge receipt of your report within 3 business days
  • Provide an initial assessment and remediation timeline within 5 business days
  • Keep you informed of progress throughout the remediation process
  • Act in good faith to address the reported issue promptly
  • Not pursue legal action against researchers who comply with this policy
  • Recognize your contribution in our security acknowledgments (with your permission)

Reporting Guidelines

When reporting a vulnerability, please:

  • Send your report to security@camileai.com
  • Include a detailed description of the vulnerability and its potential impact
  • Provide step-by-step instructions to reproduce the issue
  • Include any proof-of-concept code or materials (if applicable)
  • Include your contact information for follow-up
  • Use our PGP public key (available on our Security page) for encrypted communications if the vulnerability is sensitive

Scope

This policy applies to the following Camile AI systems and services:

  • The Camile AI web application (*.camileai.com)
  • Camile AI API endpoints
  • Camile AI mobile applications
  • Camile AI open-source projects hosted on GitHub

The following are out of scope:

  • Third-party services or applications not owned or operated by Camile AI
  • Physical security, social engineering, or phishing attacks against Camile AI personnel
  • Denial of Service (DoS/DDoS) attacks
  • Spam or automated content generation
  • Self-exploitation (running exploits against your own account)

What We Ask of You

When conducting security research, we ask that you:

  • Act in good faith and avoid actions that could harm Camile AI or its users
  • Access only the minimum data needed to demonstrate the vulnerability
  • Not publicly disclose the vulnerability before we have had a reasonable opportunity to remediate it
  • Not exploit the vulnerability beyond what is necessary to demonstrate it
  • Comply with all applicable laws and regulations

Acknowledgments

With your permission, we will publicly acknowledge researchers who responsibly report security vulnerabilities. If you wish to remain anonymous, simply let us know.

We do not currently operate a paid bug bounty program, but we may provide recognition and other forms of appreciation at our discretion.

Submit your report to: security@camileai.com