Vulnerability Disclosure Policy

Version: 1.0
Effective Date: September 9, 2025

At Lingly Limited, we take the security of our systems and our users' data seriously. We value the contributions of the security community in helping us keep our services safe and secure. This policy outlines how to report potential vulnerabilities and our commitment to working with researchers.

Reporting a Vulnerability

If you believe you have discovered a security issue in any Lingly service, please notify us promptly. We ask you to:

  • Email your findings to support@lingly.ai. Please use a clear subject line, such as "Security Vulnerability Report".
  • Include a detailed description of the vulnerability, including the steps required to reproduce it.
  • Provide any supporting evidence, such as proof-of-concept code, scripts, or screenshots.
  • Do not share details publicly until we have had a reasonable opportunity to investigate and remediate the issue.

Scope

This policy applies to the following Lingly-owned assets:

  • www.lingly.ai
  • app.lingly.ai
  • Any other official Lingly-owned subdomains and services.

Out of Scope

The following activities and findings are not considered valid reports under this policy:

  • Denial of Service (DoS or DDoS) attacks.
  • Reports from automated scans or tools without a clear, verifiable proof of exploitability.
  • Social engineering, phishing, or physical attacks.
  • Issues related to third-party services or applications not under Lingly's direct control.
  • Missing security headers or best practices (e.g., missing HttpOnly flags) that do not lead to a direct, exploitable vulnerability.

Our Commitment

When you submit a report in accordance with this policy, we commit to:

  • Acknowledge receipt of your report in a timely manner, typically within 5 business days.
  • Provide you with regular updates on our progress as we investigate and remediate the issue.
  • Notify you once the vulnerability has been resolved.
  • Recognize your contribution, should you wish, once the vulnerability is patched.

Safe Harbour

We consider security research conducted under this policy to be authorized and will not pursue or support legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

To remain in safe harbour, you must comply with all aspects of this policy and avoid privacy violations, destruction of data, and interruption or degradation of our services.

We appreciate your efforts and partnership in helping us keep our community safe. If you have any questions, please contact us at support@lingly.ai.