Skip to main content
AIKYAM logo

Responsible Disclosure Policy

Effective date: June 18, 2025 — Last updated: November 8, 2025

AIKYAM (a brand of Syntellect Robotics) takes security seriously. We welcome reports from security researchers and ethical hackers and are committed to investigating and remediating valid security issues reported to us. This Responsible Disclosure Policy outlines how to report potential vulnerabilities in our public-facing systems in a lawful and responsible manner.

Scope

This policy applies to AIKYAM’s public-facing websites and subdomains that we operate and explicitly list as in-scope. Unless otherwise specified, internal, non-public, or third-party systems are out of scope.

What this policy does not authorize

This policy does not authorize any activity that would exceed the stated scope, cause harm, violate applicable law, or access customer or third-party data. Do not conduct destructive actions, data exfiltration, or social engineering.

Responsible disclosure process

If you believe you have discovered a security vulnerability in our systems, please report it to us promptly and in good faith. Include sufficient detail to allow us to reproduce the issue (steps to reproduce, affected URLs, proof-of-concept code, and any relevant logs or screenshots). Do not publicly disclose the issue without our prior written consent.

How to report

Please email your report to privacy@syntellectrobotics.com. Provide a clear description of the issue, the date and time you discovered it, potential impact, and any reproduction steps or POC code.

Acknowledgement and response

We will acknowledge receipt of your report within 7 business days. We will triage and investigate the report and, where appropriate, work with you to remediate any confirmed issues. We aim to resolve valid reports within a reasonable timeframe based on severity.

Scope exclusions

The following are typically considered out of scope for this program: automated scanner findings without a working proof-of-concept, denial-of-service attacks, social engineering, physical attacks, known/published vulnerabilities without a demonstration, and issues that require access to non-public data or internal systems.

Safe harbor and legal protection

If you comply with this Policy, act in good faith, and follow our reporting guidelines, we will consider making reasonable efforts to provide safe harbor from legal action related to the research activity. Safe harbor is not guaranteed and does not apply to harmful or unlawful conduct.

No monetary rewards

We do not offer monetary compensation for vulnerability reports under this policy. We may, at our discretion, acknowledge contributors publicly or provide other non-monetary recognition where appropriate and agreed upon.

Indemnity and legal notice

By submitting a report, you agree that you will not exploit the vulnerability beyond what is necessary to demonstrate its existence and that you will comply with applicable laws. We reserve the right to take legal action in the event of non-compliance or malicious activity.

Contact

Send reports and questions to infosec@aikyam.com.

Changes to this policy

We may update this Policy at any time. The most recent version will be posted on this page with the effective date.