Bug Bounty Program
Help us keep AnalyzeMyCalls secure. We reward security researchers who responsibly disclose vulnerabilities.
At AnalyzeMyCalls, security is a top priority. We value the contributions of security researchers and the broader community in helping us maintain a secure platform for our users.
Our Bug Bounty Program rewards individuals who discover and responsibly report security vulnerabilities in our systems. We are committed to working with researchers to verify and address any issues quickly.
Reward Tiers
Critical
Remote code execution, authentication bypass, data breach vulnerabilities
High
Privilege escalation, SQL injection, significant data exposure
Medium
Cross-site scripting (XSS), CSRF, session management issues
Low
Information disclosure, minor security misconfigurations
In Scope
- AnalyzeMyCalls web application (app.analyzemycalls.ai)
- API endpoints (api.analyzemycalls.ai)
- Authentication and authorization systems
- Data storage and transmission security
- Third-party integrations security
Out of Scope
- ✕Social engineering attacks
- ✕Physical security attacks
- ✕Denial of service (DoS/DDoS) attacks
- ✕Spam or abuse of messaging systems
- ✕Vulnerabilities in third-party applications or services
- ✕Issues found through automated scanning without validation
Program Rules
- 1Do not access, modify, or delete data belonging to other users
- 2Do not perform actions that could harm service availability
- 3Provide detailed reports with steps to reproduce
- 4Allow reasonable time for us to address the issue before disclosure
- 5Do not disclose vulnerabilities publicly without our consent
- 6One vulnerability per report for clarity
How to Report
Please send your vulnerability reports to our security team. Include as much detail as possible:
- • Description of the vulnerability
- • Steps to reproduce the issue
- • Potential impact assessment
- • Any proof-of-concept code or screenshots
- • Your contact information for follow-up
Response Timeline
Initial acknowledgment
Preliminary assessment
Resolution timeline
Safe Harbor
We consider security research conducted in accordance with this policy to be authorized, and we will not pursue legal action against researchers who follow the rules outlined above. We ask that you make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.