Responsible Disclosure Program
About
Neuron7.ai is committed to protecting our customers, partners, and platform. We welcome responsible security research and encourage the coordinated disclosure of vulnerabilities discovered in Neuron7 systems.
If you believe you have identified a security vulnerability, please report it to:
Email: [email protected]
Subject: Vulnerability Report – <Product/Service>
1. Scope
This Responsible Disclosure Program applies to security vulnerabilities in systems and services that are owned, operated, and managed by Neuron7.ai.
In Scope:
• Neuron7.ai production web applications and APIs
• Neuron7.ai-managed cloud infrastructure
• Authentication and authorization mechanisms specific to Neuron7.ai
Out of Scope:
• Third-party services not operated by Neuron7.ai
• Customer-managed environments or customer data
• Social engineering, phishing, or physical security testing
• Denial-of-service (DoS/DDoS), traffic flooding, or stress testing
• Automated scanning that degrades service availability
Testing outside of scope is not authorized.
2. Rules of Engagement
Researchers must:
• Act in good faith and avoid service disruption
• Use the minimum testing required to demonstrate the issue
• Avoid accessing, modifying, copying, or deleting data beyond what is necessary
• Immediately stop testing if sensitive data is encountered and report it
• Not publicly disclose details until remediation is complete or approved
3. Safe Harbor
Neuron7.ai will not pursue legal action against researchers who:
• Follow this program in good faith
• Limit testing to in-scope systems
• Avoid harm, disruption, or data misuse
• Comply with applicable laws
This safe harbor does not apply to actions such as data exfiltration, extortion, service disruption, or testing outside authorized scope.
4. How to Report
Please include the following details in your report:
• Your name or handle (and attribution preference)
• Affected system or service
• Description of the vulnerability
• Impact assessment
• Steps to reproduce
• Proof-of-concept (screenshots, requests, logs)
• Any disclosure plans, if applicable
Do not include passwords, secrets, or unnecessary personal data.
5. Bug Bounty and Recognition
Neuron7.ai offers bug bounty rewards at its discretion. Important notes regarding eligibility:
• Bounties are awarded only for valid, previously unknown vulnerabilities
• Issues must demonstrate real security impact
• Vulnerabilities already known to Neuron7.ai or previously reported may not be eligible
• Duplicate reports are not eligible for additional rewards
• Reward amounts vary based on severity, impact, exploitability, and report quality
Submission of a report does not guarantee a bounty.
6. Response Process
What you can expect from us:
• Acknowledgment of your report within two business days
• Ongoing communication during investigation
• Notification once remediation is complete
• Optional public recognition, unless you prefer to remain anonymous
7. Confidentiality and Privacy
Reports are treated as confidential security information.
Information provided will be used solely for vulnerability investigation and remediation.
Please avoid submitting unnecessary personal or customer data.
8. Legal Disclaimer
This program:
• Does not create any employment, partnership, or contractual relationship
• Does not authorize testing beyond what is explicitly permitted
• May be modified or terminated at any time
9. Contact
For questions regarding scope or reporting: [email protected]
