Security Policy and Responsible Disclosure
Last Updated: May 24, 2025
1. Introduction
At Aunimeda, we take the security of our systems and data very seriously. This Security Policy and Responsible Disclosure document outlines our commitment to maintaining a secure environment for our users and provides guidelines for security researchers who wish to report potential vulnerabilities. By accessing or using our services, you acknowledge that you have read and understood this policy and agree to comply with it in its entirety.
2. Scope of Policy
This policy applies to all Aunimeda systems, services, applications, and platforms, including but not limited to:
- Aunimeda website and all associated domains and subdomains
- Aunimeda web applications and services
- Aunimeda mobile applications
- Aunimeda APIs and integrations
- Any other systems or services explicitly identified by Aunimeda as being in scope
Explicitly excluded from scope are:
- Third-party services or applications that Aunimeda uses but does not own or control
- Physical security measures and facilities
- Social engineering attacks against Aunimeda employees or users
- Denial of service (DoS/DDoS) attacks
- Any systems or services explicitly identified by Aunimeda as being out of scope
3. Our Security Commitment
Aunimeda implements and maintains security measures that we believe, in our sole discretion, to be appropriate and reasonable for our business and the types of information we collect and process. These measures may include, but are not limited to:
- Encryption of sensitive data in transit and at rest
- Regular security assessments and penetration testing
- Implementation of access controls and authentication mechanisms
- Regular security training for our employees
- Monitoring systems for suspicious activities
DISCLAIMER: While we strive to implement reasonable security measures, we do not guarantee or warrant that our systems are impenetrable or free from security vulnerabilities. We make no representations or warranties regarding the security of our systems or your data. You acknowledge and agree that you use our services at your own risk.
4. Responsible Disclosure Policy
We appreciate the efforts of security researchers and the broader security community in helping us maintain and improve the security of our systems. If you believe you have discovered a potential security vulnerability in any of our systems, we encourage you to report it to us according to the following guidelines:
4.1 Reporting Guidelines
To report a security vulnerability, please send an email to security@aunimeda.com with the following information:
- A detailed description of the vulnerability
- The affected system or component
- Steps to reproduce the vulnerability
- Potential impact of the vulnerability
- Any suggestions for mitigating or fixing the vulnerability
IMPORTANT: By submitting a vulnerability report, you acknowledge and agree that:
- You will not publicly disclose the vulnerability until we have had a reasonable opportunity to address it
- You will not exploit the vulnerability for any purpose other than to verify its existence and impact
- You will not access, modify, delete, or exfiltrate any data that is not your own
- You will comply with all applicable laws and regulations
4.2 Legal Safe Harbor
Aunimeda offers a limited legal safe harbor for security researchers who:
- Comply with this Responsible Disclosure Policy in good faith
- Report vulnerabilities directly to us before disclosing them to any third party
- Avoid intentional harm to our systems, users, or data
- Act in a manner that we determine, in our sole discretion, to be responsible and ethical
LIMITATIONS: This safe harbor is limited to civil claims under applicable computer crime laws for specific, good-faith security research activities that comply with this policy. It does not apply to:
- Any activities that we determine, in our sole discretion, to be outside the scope of this policy
- Any activities that violate any applicable laws or regulations
- Any activities that compromise the privacy, confidentiality, or integrity of user data
- Any activities that disrupt or degrade the performance of our systems
IMPORTANT: Aunimeda reserves the right to determine, in its sole discretion, whether an activity qualifies for this safe harbor. This safe harbor does not constitute a waiver of any rights or remedies that Aunimeda may have under applicable law.
5. Prohibited Activities
The following activities are strictly prohibited and may result in legal action:
- Any unauthorized access to our systems or data
- Any attempt to compromise the security of our systems or data
- Any attempt to identify or exploit security vulnerabilities without our explicit permission
- Any denial of service (DoS/DDoS) attacks against our systems
- Any social engineering attacks against our employees or users
- Any use of automated tools or scripts to scan, probe, or test our systems without our explicit permission
- Any attempt to circumvent our security measures or access controls
- Any activity that violates any applicable laws or regulations
PENALTIES: Violation of this policy may result in:
- Immediate termination of your account and access to our services
- Legal action, including but not limited to civil and criminal penalties
- Monetary damages, including but not limited to actual damages, statutory damages, and punitive damages
- Reporting to law enforcement authorities
6. No Expectation of Reward or Compensation
Aunimeda does not operate a bug bounty program. Reporting a security vulnerability does not entitle you to any reward, compensation, or recognition. Any decision to provide a reward, compensation, or recognition for a reported vulnerability is at Aunimeda's sole discretion and is not guaranteed.
IMPORTANT: By reporting a security vulnerability to us, you waive any right to compensation or reward unless explicitly agreed to in writing by an authorized representative of Aunimeda.
7. Response and Remediation
Aunimeda will make commercially reasonable efforts to:
- Acknowledge receipt of vulnerability reports within a reasonable timeframe
- Validate and investigate reported vulnerabilities
- Address validated vulnerabilities in a manner and timeframe that we determine, in our sole discretion, to be appropriate
DISCLAIMER: Aunimeda does not guarantee or commit to any specific response time or remediation timeline. We reserve the right to prioritize and address vulnerabilities based on our assessment of their severity, impact, and other factors that we deem relevant.
8. Confidentiality and Non-Disclosure
All information related to security vulnerabilities, including but not limited to vulnerability reports, communications regarding vulnerabilities, and remediation efforts, is considered confidential information of Aunimeda. You agree not to disclose any such information to any third party without our explicit written permission.
IMPORTANT: By reporting a security vulnerability to us, you agree to maintain the confidentiality of all information related to the vulnerability and our response to it. You may not publicly disclose the vulnerability or any related information without our explicit written permission.
9. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AUNIMEDA SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR IN CONNECTION WITH THIS POLICY OR ANY SECURITY VULNERABILITY, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES, EVEN IF AUNIMEDA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
IN NO EVENT SHALL AUNIMEDA'S TOTAL LIABILITY TO YOU FOR ALL CLAIMS ARISING OUT OF OR IN CONNECTION WITH THIS POLICY OR ANY SECURITY VULNERABILITY EXCEED THE LESSER OF (A) THE AMOUNT PAID BY YOU TO AUNIMEDA, IF ANY, IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE LIABILITY, OR (B) ONE HUNDRED DOLLARS ($100).
SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU. IN SUCH CASES, AUNIMEDA'S LIABILITY SHALL BE LIMITED TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
10. Indemnification
You agree to indemnify, defend, and hold harmless Aunimeda, its affiliates, officers, directors, employees, agents, and licensors from and against any and all claims, liabilities, damages, losses, costs, expenses, or fees (including reasonable attorneys' fees) that such parties may incur as a result of or arising from your violation of this policy.
11. Governing Law and Jurisdiction
This policy shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law provisions. You agree to submit to the personal and exclusive jurisdiction of the courts located in Delaware for the resolution of any dispute arising out of or relating to this policy.
Notwithstanding the foregoing, Aunimeda reserves the right to seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of Aunimeda's intellectual property rights or confidential information.
12. Modifications to this Policy
Aunimeda reserves the right to modify this policy at any time, without prior notice or liability to you. The most current version of this policy will be posted on our website. Your continued use of our services after any such modification constitutes your acceptance of the modified policy.
IMPORTANT: It is your responsibility to review this policy periodically to ensure that you are aware of any changes. If you do not agree to any modification of this policy, you must immediately cease using our services.
13. Severability
If any provision of this policy is found to be invalid, illegal, or unenforceable, the remaining provisions shall remain in full force and effect. The invalid, illegal, or unenforceable provision shall be deemed modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving its intent.
14. Contact Information
If you have any questions or concerns about this policy, please contact us at:
Email: security@aunimeda.com
Postal Address:
Aunimeda Security Team
123 Tech Boulevard
Suite 456
Bishkek, Kyrgyz Republic
15. Acknowledgment
By accessing or using our services, you acknowledge that you have read and understood this policy and agree to be bound by it. If you do not agree to this policy, you must not access or use our services.