Kami Responsible Disclosure Policy
Last updated: December 2022
Data security is a top priority for Kami, and we believe that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability in any of Kami’s services, please notify us; we will work with you to resolve the issue in a timely manner, we don’t offer bug bounties or monetary compensation for bugs but will acknowledge researchers who assist us below on our site for reference.
- If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at [email protected]. We will acknowledge your email within 5 business days.
- Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure to our team.
- We highly encourage researchers to provide proof-of-concept and/or detailed reproduction steps.
While researching, we ask that you refrain from:
- Distributed Denial of Service attacks (DDoS)
- Attempting to brute-force other customer credentials
- Social engineering or phishing of our employees, contractors, clients, or users
- Attacks against our physical property or data centers
We ask the security research community to make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research. We will not bring any lawsuit against you, or ask law enforcement to investigate you.
We are always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to contact us on [email protected].
Kami’s Vulnerability Responsible Disclosure Contact
The best method for contacting our security team is via email. You may encrypt your email to us with PGP if you wish to protect the contents of your email.
Kami Security team email is [email protected].
If you want to start using PGP please either encrypt your message with our public key via https://pgptool.org/# or by installing a OpenPGP/GPG software tool and importing our public key into you local key manager.