kindo.ai
Program Details
Kindo welcomes responsible security research and appreciates reports that help keep our systems and customers safe. If you believe you’ve found a security issue, please report it privately and we’ll work with you to investigate and remediate.
Payout Structure
In-Scope Domains
- This VDP applies to all internet-facing systems and applications owned or operated by Kindo.ai, including:
- Kindo web properties
- Including kindo.ai, app.kindo.ai, and all related subdomains: This includes the main corporate website, customer portal, and any related web applications.
- Deep Hat web properties
- Including deephat.ai, app.deephat.ai, and all related subdomains.
- API interfaces
- This includes all publicly accessible APIs.
- Acquired companies and related companies
- Unless otherwise stated, this VDP also applies to systems and applications of companies acquired or owned by Kindo.ai.
Out of Scope
The following are explicitly excluded from this VDP:, Internal systems not accessible from the internet., Systems of third-party vendors or partners., Physical security vulnerabilities (e.g., building access)., Denial of Service (DoS) vulnerabilities. While we appreciate reports of potential DoS vulnerabilities, we ask that researchers refrain from testing them against our systems., Social engineering attacks (e.g., phishing)., Vulnerabilities in third-party libraries or frameworks unless they are uniquely exploitable in our implementation.