search icon
ConsultingTrainingsAI Software
Disclosure Program

Data security is a top priority for LiveTech.AI, and LiveTech.AI believes that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability in LiveTech.AI’s service, please notify us; we will work with you to resolve the issue promptly.

Disclosure Procedure

If you believe you’ve discovered a potential vulnerability, please let us know by emailing our CEO directly at younes@LiveTech.AI. We will acknowledge your email within one week. Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within Ten business days of disclosure. Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the LiveTech.AI service. Please only interact with domains you own or for which you have explicit permission from the account holder.

Program Scope

LiveTech.AI encourages the disclosure of any and all security vulnerabilities or concerns which would affect the services offered and would leave the services open to any potential security breach, including
  • Injection
  • XSS
  • Authorization flaws, misconfigurations
The aforementioned list is not exhaustive in any way or manner, and LiveTech.AI reserves the right to modify this list, without any prior notification.

Exclusions

While researching, we’d like you to refrain from:
  • Distributed Denial of Service (DDoS)
  • Any automated scanning activities
  • Spamming
  • Any submission made based on access which has been granted in accordance with any applicable contract, click-wrap or shrink-wrap agreement.
  • Social engineering or phishing of LiveTech.AI employees or contractors
The following types of security vulnerability issues are specifically excluded:
  • Open redirects (through headers and parameters) / Lack of security speed bump when leaving the site.
  • Text injection.
  • Email spoofing (including SPF, DKIM, from spoofing, and visually similar, and related issues).
  • Clickjacking and issues only exploitable through clickjacking.
  • Lack of Secure and HTTP only cookie flags (critical systems may still be in scope).
  • Log in or Forgot Password page brute force, account lockout not enforced, or insufficient password strength requirements.
  • Username / email enumeration by brute forcing / error messages (e.g. log in / signup / forgotten password)
  • Exceptional cases may still be in scope (e.g. ability to enumerate email addresses via incrementing a numeric parameter).
  • No Captcha or rate limit on Log in Page.
  • Denial of Service attacks.
  • Misconfigured DNS issues.
  • Vulnerable versions of third-party libraries (High severity vulnerabilities with a working Proof-of-Concept may still be accepted).
The aforementioned list is not exhaustive in any way or manner, and LiveTech.AI reserves the right to modify this list, without any prior notification.

Disqualification from Program

Some examples of the activities which shall be treated as disqualification(s) for this program are listed below:
  • Breach of confidentiality obligations under the Program and under the law.
  • Attempt to extract or remove data from the services offered by LiveTech.AI.
  • Any ransomware attempt while performing activities in scope under this Program.
  • Attempt to commercially exploit such vulnerability.
  • Attempt to hold LiveTech.AI accountable under any laws due to activities performed in scope under this Program.
The aforementioned list is not exhaustive in any way or manner, and LiveTech.AI reserves the right to modify this list, without any prior notification.

Legal Action

LiveTech.AI reserves the right to take all necessary and remedial legal action against the submitter if it determines that the activities performed are in violation of applicable law, covered under the Disqualification(s) or Exclusion(s) listed or determined, and/or have forced LiveTech.AI to face any legal consequences, which could have been avoided if a disclosure was made under this Program.

Bug Bounty

This is not a bug bounty program and LiveTech.AI does not guarantee any monetary rewards for the submissions made. Rewards, if any, will be awarded only at LiveTech.AI’s sole discretion, for vulnerabilities which LiveTech.AI, in its sole discretion, determines are substantial in nature.

Changes

We may revise these guidelines from time to time. The most current version of the guidelines will be available at

https://livetech.ai/security/

Thank you for helping to keep LiveTech.AI and our users safe!

© 2022 LiveTech.AI LLC. All rights reserved.