Security Policy

At DoyouKnowa, we take security seriously and are committed to protecting our users, systems, and data.

Reporting Vulnerabilities

If you believe you have found a security vulnerability in our platform or services, we encourage you to report it to us responsibly.

Email: [email protected]

Responsible Disclosure Guidelines

We ask that you:

  • Do not publicly disclose the issue before we’ve had a chance to investigate and fix it.

  • Avoid privacy violations, destruction of data, or impacting other users.

We will:

  • Respond within 5 business days.

  • Provide updates as we work to resolve the issue.

  • Acknowledge your contribution (if you wish) on our Hall of Fame.

Recommended Report Template

Please include the following when reporting:

1. Summary
Concise explanation of the issue.

2. Severity
(Low / Medium / High / Critical)
Explain potential impact.

3. Steps to Reproduce
E.g. curl commands, screenshots, payloads.

4. Expected vs Actual Behavior
What you expected vs what occurred.

5. Remediation Suggestions (if possible)
E.g. stricter validation, role checks, escaping output, etc.

6. Optional: Contact for Follow-up
Include your name or handle if you want public credit.

In-Scope

  • doyouknowa.ai web app

  • APIs under doyouknowa.ai/api/* except for /api/chat

  • Authentication, session handling, or access control logic

Out of Scope

  • API /api/chat
  • Denial of service attacks (DoS)
  • Spam or social engineering of any kind
  • Third-party services or libraries not under DoyouKnowA’s control
  • Leaked passwords or breached credentials

Thank You

We appreciate the efforts of the security community to help us maintain a safe and trustworthy service.

Dated June 6th, 2025.