Responsible Disclosure
Security is foundational to Freeplay’s mission of helping teams build great AI products. If you discover a vulnerability, please let us know so we can fix it quickly and keep every customer’s data safe. We offer monetary rewards for high and critical-severity findings.
How to report
Email us: Send details to security@freeplay.ai. We’ll acknowledge your report within 2 business days.
Share the evidence: Provide a clear description, reproduction steps, and any proof-of-concept code or screenshots.
Give us time to remediate: For critical issues, our target is to deploy a fix within one week; please hold off on public disclosure until we confirm the patch.
Research guidelines
Do no harm. Don’t disrupt service, destroy data, or access anything beyond what’s needed to demonstrate the issue.
Stay in scope. Limit testing to assets you control or have explicit permission to probe.
Respect privacy. Never exfiltrate customer data.
Avoid prohibited techniques. No DDoS, spam, social engineering, phishing, or brute-force attacks.
Our commitment to you
| What you can expect | Our promise |
| --- | --- |
| Timely updates | We’ll keep you informed of progress, typically every 5 business days until resolution. |
| Fair rewards | We pay bounty amounts based on severity and real-world impact. |
| Safe harbor | We won’t pursue legal action if you follow these guidelines and act in good faith. |
Why security researchers matter
Freeplay is already SOC 2 Type II and GDPR compliant, and we run isolated, single-tenant deployments for enterprise customers. Your research helps us raise the bar even higher.
Thank you for helping us protect the Freeplay platform and the teams who rely on it. If anything here is unclear, just email security@freeplay.ai. We’re happy to chat.