Security: aiprosol/.github

Security Policy

If you believe you've found a security vulnerability in Aiprosol's website, API, or any of the tools we publish, please report it responsibly using one of the channels below.

How to report

Send your report to:

Please include, where possible:

  1. The URL, file, or component affected
  2. A description of the issue and its potential impact
  3. Steps to reproduce (or a proof-of-concept)
  4. Whether you've disclosed it elsewhere

Encrypt the report if it contains exploit details. PGP key available on request.

What you can expect

| Stage | Target time |
| --- | --- |
| Acknowledgement | Within 48 hours |
| Initial assessment + severity | Within 5 working days |
| Patch deployed (high/critical) | Within 14 days |
| Patch deployed (medium/low) | Within 30 days |
| Public disclosure (coordinated) | After patch is live + grace period |

We don't currently run a paid bug bounty. We do offer:

  • Public credit in the security disclosure log
  • A free Aiprosol digital product of your choice (any tier)
  • A LinkedIn recommendation for serious, well-documented findings

In scope

  • aiprosol.com and all subdomains
  • Open-source tools published under github.com/aiprosol
  • Any digital product distributed via aiprosol.com (PDFs, n8n JSON, prompt vaults, etc.)

Out of scope

  • Third-party SaaS we integrate with (Vercel, Supabase, Groq, Stripe, n8n cloud) — please report to the vendor directly
  • Social engineering of Aiprosol staff (the AI agents are non-human; Srijan is the only human contact point)
  • Denial-of-service or volumetric attacks
  • Findings that require physical access to a device
  • Self-XSS that requires the user to paste content into their own browser
  • Reports generated by automated scanners with no demonstrated impact

Safe harbor

We will not pursue legal action against researchers who:

  • Make a good-faith effort to avoid privacy violations, data destruction, or service interruption
  • Report vulnerabilities promptly and don't exploit them beyond the proof of concept
  • Don't access, modify, or exfiltrate data that isn't their own
  • Don't publicly disclose before we've had a reasonable chance to patch

Thank you for helping keep Aiprosol secure.

— Srijan Paudel, Founder & Chairman