Kami Responsible Disclosure Policy

Last updated: December 2022

Data security is a top priority for Kami, and we believe that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability in any of Kami’s services, please notify us; we will work with you to resolve the issue in a timely manner, we don’t offer bug bounties or monetary compensation for bugs but will acknowledge researchers who assist us below on our site for reference.

• If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at privacy@kamiapp.com. We will acknowledge your email within 5 business days.
• Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure to our team. 
• We highly encourage researchers to provide proof-of-concept and/or detailed reproduction steps.

While researching, we ask that you refrain from:

• Distributed Denial of Service attacks (DDoS)
• Attempting to brute-force other customer credentials
• Spamming
• Social engineering or phishing of our employees, contractors, clients, or users
• Attacks against our physical property or data centers

We ask the security research community to make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research. We will not bring any lawsuit against you, or ask law enforcement to investigate you.

We are always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to contact us on support@kamiapp.com.