1. Scope
This policy applies to security vulnerabilities in the Service accessible at upplio.ai and directly related infrastructure operated by Upplio AI. It does not authorise testing against third-party services.
2. Responsible Disclosure
Please report suspected vulnerabilities privately to customerservice@upplioai.com with subject line "Security Report". Provide sufficient detail to reproduce (URL, steps, payloads, screenshots) and do not publish the finding until we have had a reasonable opportunity to remediate.
3. Safe Harbor
Upplio AI will not pursue civil action or refer researchers to law enforcement for good-faith security research conducted in accordance with this policy, provided the researcher:
- does not access, modify or delete data beyond what is necessary to demonstrate the vulnerability;
- does not disrupt or degrade the Service or other users;
- does not use social engineering, physical attacks or attacks against third-party services;
- does not violate applicable law.
4. Process and Timelines
We acknowledge reports within five (5) working days, provide an initial assessment within ten (10) working days, and coordinate on remediation and disclosure. Critical issues are prioritised.
5. Recognition
Where the researcher agrees, we may credit them in a public advisory. We do not currently operate a paid bug-bounty programme.
Amendments
Upplio AI may amend this document from time to time. Material changes will be notified by email or in-app notice at least fourteen (14) days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the amended terms.
Version
Version: 1.0
Effective: 13 July 2026
Owner: Neetu Yadav, Proprietor, Upplio AI
Contact: customerservice@upplioai.com
Contact
Upplio AI (a sole proprietorship of Neetu Yadav)
Bengaluru, Karnataka, India
Email: customerservice@upplioai.com · Website: https://upplio.ai
