Protecting our users'
privacy and security.
Bug Bounty Program





At InfluencerMarketing.ai (IMAI), we prioritize the security and privacy of our platform users, including Influencers, Brands, and Marketers.
Â
To enhance our security measures, we’ve established the IMAI Security Research Program. This initiative invites skilled security researchers to analyze our systems and rewards them for identifying high-impact, critical vulnerabilities within our designated scope.
#
Program Overview
If you believe you’ve discovered a critical security vulnerability in our platform, we encourage you to report it to us promptly. Our security team will investigate all submissions thoroughly, prioritizing those that pose significant risks to our users or platform integrity.
Our Commitments:
Respond to all valid reports of critical vulnerabilities within 5 business days
Provide transparent assessments of security impacts and severity
Issue rewards for confirmed critical vulnerabilities within 10 business days of resolution (barring exceptional circumstances)
Maintain clear communication throughout the process
#
Scope and Eligibility ​
In-Scope Domains:
- imai.co
- *.imai.co (all subdomains)
- API endpoints (imai.co/api)
Eligible Vulnerability Types:
We assess each submission based on its potential impact and severity. Our program focuses specifically on high-severity vulnerabilities that could significantly compromise our users or platform integrity. Priority examples include:
Remote Code Execution (RCE)
Critical SQL Injection vulnerabilities
Authentication Bypasses leading to unauthorized access
Exposure of sensitive user data or authentication credentials
Stored Cross-Site Scripting (XSS) with significant impact
Server-Side Request Forgery (SSRF) with critical impact
Severe Logic Flaws leading to platform compromise
Critical API vulnerabilities affecting core functionality
Subdomain takeovers with demonstrated impact
High-risk Insecure Direct Object
References (IDOR)
Â
#
Program Rules and Guidelines
To participate in the IMAI Security Research Program, please adhere to the following:
- Respect user privacy and data integrity. Do not access, modify, or retain any user or company data.
- Avoid any actions that could negatively impact our services or other users.
- Report critical vulnerabilities promptly and directly to IMAI. Do not disclose findings publicly or to third parties without our explicit consent.
- Provide clear, detailed reports including steps to reproduce the vulnerability.
- Do not exploit vulnerabilities beyond the minimum necessary to demonstrate the issue.
- Comply with all applicable laws and regulations while conducting your research.
- Do not use automated scanning tools without prior approval from our security team.
#
Submission Process
To Report a Critical Vulnerability
- Email [email protected]
- Include a detailed description of the vulnerability, steps to reproduce, and any supporting evidence (e.g., screenshots, proof-of-concept code)
- Use responsible disclosure practices and allow us adequate time to investigate and address the issue before any public disclosure
- If possible, include suggestions for mitigating or fixing the vulnerability
Out of Scope
The following are generally not eligible for rewards:
Low-severity or superficial vulnerabilities
Denial of Service attacks
Social engineering attempts
Physical security issues
Vulnerabilities in third-party applications or websites
Issues requiring unrealistic user interaction
Theoretical vulnerabilities without proof of exploitability
Self-XSS or other low-impact issues
Missing security headers without demonstrated impact
Common misconfiguration issues without security impact
Legal Safeguards
IMAI considers activities conducted in compliance with this program to be “authorized” under applicable computer crime laws. We will not pursue legal action against individuals who act in good faith and adhere to these guidelines.
By participating in this program, you agree to keep all communication and findings confidential until explicitly permitted otherwise by IMAI.
We reserve the right to modify or terminate this program at any time. Reward decisions are at the sole discretion of IMAI based on the severity and impact of the reported vulnerability.
Thank you for helping us build a more secure platform for our community!