Responsible Disclosure Policy

Effective Date: March 12, 2026

At FilmPilot.ai, we take security seriously. We are committed to maintaining the safety and security of our platform and our users' data. We believe in working with the security community to identify and resolve vulnerabilities. This policy outlines our process for responsible disclosure.

1. Reporting a Vulnerability

If you believe you have discovered a security vulnerability on our platform, we encourage you to report it to us as soon as possible. Please submit your findings through our Contact page, providing as much detail as possible, including steps to reproduce the issue.

2. Our Commitment

If you report a vulnerability in good faith and in accordance with this policy, we commit to:

  • Acknowledging your report in a timely manner.
  • Working with you to understand and validate the issue.
  • Providing a timeline for remediation.
  • Notifying you when the issue has been resolved.
  • Not taking legal action against you, provided you comply with this policy.

3. Guidelines for Responsible Research

We ask that you follow these guidelines during your security research:

  • Do not access or modify data belonging to other users.
  • Do not perform any actions that could disrupt our services (e.g., Denial of Service attacks).
  • Do not use automated scanning tools without prior authorization.
  • Do not disclose the vulnerability to third parties until it has been resolved.
  • Avoid any activities that violate applicable laws or regulations.

4. Scope

This policy applies to the FilmPilot.ai website and all services directly operated by us. It does not apply to third-party services that we use (e.g., payment processors, cloud providers). Please report vulnerabilities in third-party services directly to those providers.

5. Recognition

We appreciate the efforts of security researchers who help us protect our platform. While we do not currently offer a formal bug bounty program, we are happy to acknowledge your contribution on our site (with your permission) for significant vulnerabilities.

6. Contact Information

If you have any questions about this policy or need to report a security concern, please use our Contact page.

Last updated: March 23, 2026