Responsible Disclosure Policy

Element AI aims to keep its products and services safe for everyone, and cybersecurity is of the utmost importance for us. We appreciate the help of the community in finding vulnerabilities.

If you have found a vulnerability in our products or services, please contact us as soon as possible. We will validate, respond, and fix vulnerabilities in accordance with our commitment to security and privacy. We will not take legal action against those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy.

Our Policy

Please share the details of any suspected vulnerabilities with the Element AI security team and do not publicly disclose these details without express written consent from Element AI. Requests for monetary compensation in connection with any identified or alleged vulnerability will be deemed noncompliant with this disclosure policy. Bugs in third party applications or systems, denial of service vulnerabilities, social engineering techniques, a CVSS score below 4.0, or bugs that require physical access to the targeted victim's device are not considered.

How to Submit a Vulnerability

Send an email to describing in details the vulnerability that was found. Please include information that will allow us to reproduce your steps. Include your name and email address. Optionally include your Twitter or Linkedin handle. We will promptly acknowledge receipt of your vulnerability report, and provide an estimation for the resolution of the vulnerability. We will publicly acknowledge your responsible disclosure in our Hall of Thanks, and this for one (1) year.