Protecting our users' privacy and security.
Bug Bounty Program
At InfluencerMarketing.ai (IMAI), we prioritize the security and privacy of our platform users, including Influencers, Brands, and Marketers.
To enhance our security measures, we’ve established the IMAI Security Research Program. This initiative invites skilled security researchers to analyze our systems and rewards them for identifying critical vulnerabilities within our designated scope.
# Program Overview
If you believe you’ve discovered a security vulnerability in our platform, we encourage you to report it to us promptly. Our security team will investigate all submissions thoroughly and work diligently to address confirmed issues.
Our Commitments:
- Respond to all valid reports within 5 business days
- Provide transparent assessments of security impacts
- Issue rewards for confirmed vulnerabilities within 10 business days of resolution (barring exceptional circumstances)
- Maintain clear communication throughout the process
# Scope and Eligibility
In-Scope Domains:
- imai.co
- influencermarketing.ai
- *.imai.co (all subdomains)
- API endpoints (api.imai.co)
Eligible Vulnerability Types:
While we assess each submission on its individual merits, we’re particularly interested in vulnerabilities that could significantly impact our users or platform integrity. Examples include:
- SQL Injection
- Authentication Bypasses
- Sensitive Data Exposure
- Cross-Site Scripting (XSS)
- Server-Side Request Forgery (SSRF)
- Significant Logic Flaws
- API vulnerabilities
- Subdomain takeovers
- Insecure Direct Object References (IDOR)
# Program Rules and Guidelines
To participate in the IMAI Security Research Program, please adhere to the following:
- Respect user privacy and data integrity. Do not access, modify, or retain any user or company data.
- Avoid any actions that could negatively impact our services or other users.
- Report vulnerabilities promptly and directly to IMAI. Do not disclose findings publicly or to third parties without our explicit consent.
- Provide clear, detailed reports including steps to reproduce the vulnerability.
- Do not exploit vulnerabilities beyond the minimum necessary to demonstrate the issue.
- Comply with all applicable laws and regulations while conducting your research.
- Do not use automated scanning tools without prior approval from our security team.
# Submission Process
To Report a Vulnerability:
- Email [email protected]
- Include a detailed description of the vulnerability, steps to reproduce, and any supporting evidence (e.g., screenshots, proof-of-concept code)
- Use responsible disclosure practices and allow us adequate time to investigate and address the issue before any public disclosure
- If possible, include suggestions for mitigating or fixing the vulnerability
Out of Scope
The following are generally not eligible for rewards:
- Denial of Service attacks
- Social engineering attempts
- Physical security issues
- Vulnerabilities in third-party applications or websites
- Issues requiring unrealistic user interaction
- Theoretical vulnerabilities without proof of exploitability
Legal Safeguards
IMAI considers activities conducted in compliance with this program to be “authorized” under applicable computer crime laws. We will not pursue legal action against individuals who act in good faith and adhere to these guidelines.
By participating in this program, you agree to keep all communication and findings confidential until explicitly permitted otherwise by IMAI.
We reserve the right to modify or terminate this program at any time. Reward decisions are at the sole discretion of IMAI based on the severity and impact of the reported vulnerability.
Thank you for helping us build a more secure platform for our community!