While KIWI.KI strives to provide a highly secure and privacy-sparing service, we understand that no technology is perfect. We believe that working with security researchers is absolutely crucial in identifying and solving weaknesses with our system. If you believe you've found a security issue in one of our products or services, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Disclosure Policy

• Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
• Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
• Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Bounty Program

To show our appreciation of responsible security researchers, KIWI.KI offers a monetary bounty for reports of qualifying security vulnerabilities. Reward amounts will vary based upon the severity of the reported vulnerability, and eligibility is at our sole discretion. Current or former employees of KIWI.KI and their families are excluded from the bounty program.

Charity Program

Security researchers may elect to donate their bounty to a non-profit organization of their choice. In this case, the bounty amount will be doubled.

Recognition

Unless otherwise requested, we will post the information of researchers who have submitted valid reports on our website.

Focus

Currently, our focus is on the customer-facing products and services that KIWI.KI provides. Security and privacy are prioritized equally.

Scope

A word to scope: The scope as outlined below is what we have set a bounty on, as they are the most safety- and privacy-critical. Our main website, analytics suites, web-attached CRM systems, or other ancillary services are not covered by our bounty (but we appreciate the help!)

Exclusions

While researching, we'd like to ask you to refrain from:

• Denial of service
• Spamming
• Social engineering (including phishing) of KIWI.KI staff, contractors, or customers
• Any physical attempts against KIWI.KI property or data centers
• Any illegal activity (unless it is illegal to do security research, in which case go right ahead)

Thank you for helping keep KIWI.KI and our users safe!