Vulnerability Disclosure Policy (VDP)

TLDR

  • Report security vulnerabilities found in Glama's systems to: security@glama.ai.
  • Please provide details on the vulnerability and how to reproduce it.
  • Act in good faith. Avoid privacy violations, data destruction, or service disruption (like DoS).
  • Keep findings confidential between you and Glama until we've had reasonable time to address them.

Introduction

Glama is committed to the security of our users and our platform. We value the contributions of independent security researchers who help us identify and address potential vulnerabilities. This policy outlines how to conduct vulnerability discovery activities related to our systems and how to submit discovered vulnerabilities to us.

We encourage responsible reporting of any vulnerabilities that may be found in our site or applications. Glama is committed to working with the security community to verify and address potential issues.

Scope

This policy applies to security vulnerabilities found within the following Glama-owned systems and services:

Out of Scope:

The following are explicitly out of scope for this policy:

How to Report a Vulnerability

If you believe you have discovered a security vulnerability within the scope of this policy, please report it to us as quickly as possible by emailing: security@glama.ai

When submitting a report, please include the following details:

  1. Clear Description: A clear description of the vulnerability, including the potential impact.
  2. Location: The specific URL, IP address, application component, or API endpoint where the vulnerability was found.
  3. Steps to Reproduce: Detailed steps required to reproduce the vulnerability (including any necessary tools, code snippets, or proof-of-concept).
  4. Screenshots/Videos (Optional but helpful): Visual evidence demonstrating the vulnerability.
  5. Contact Information: Your name and contact information (email address) for follow-up questions.

Please provide sufficient detail so we can replicate the issue.

Vulnerabilities We Are Interested In

We are primarily interested in vulnerabilities such as (but not limited to):

Exclusions / Non-Qualifying Reports

The following types of findings are generally considered out of scope or non-qualifying unless they lead to a demonstrable, significant security impact:

Guidelines / Rules of Engagement

When conducting security research, we ask that you:

Our Commitment

Safe Harbor

Glama considers security research conducted under this policy to be authorized and lawful. We will not initiate legal action against researchers for discovering and reporting vulnerabilities in good faith according to this policy. This includes exemptions from restrictions in our Terms of Service that might otherwise prohibit security testing.

To be protected by this Safe Harbor provision, researchers must:

If at any point you are unsure whether your actions comply with this policy, please contact us at security@glama.ai before proceeding.

Policy Updates

This policy may be updated from time to time. The latest version will always be available at this location.

Questions

If you have any questions about this policy, please contact us at security@glama.ai.

This policy was last updated on 2025-04-02.