Security Disclosure Policy

Parrot AI takes the security and safety of its platform and of its users very seriously. We recognize the critical role that external security researchers and developers play in helping keep our community safe. As with most security research programs, we ask that you use common sense when looking for security bugs.

Vulnerabilities must be disclosed to us privately with reasonable time to respond, and avoid compromise of other users and accounts. We do not consider denial of service, spam, or social engineering vulnerabilities to be covered under our safe harbor. If you believe that you have found a security vulnerability you may responsibly disclose it by emailing our security team at security@parrot.ai (optionally using our PGP key below) under the same responsible disclosure terms outlined in the program brief.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEYqJjChYJKwYBBAHaRw8BAQdAYzPJ7rpvwTx/gY/Hwt0oDSTEwuMlLAsNnkI0
SwrY+sG0QVBhcnJvdCBBSSBTZWN1cml0eSAoUGFycm90IEFJIHNlY3VyaXR5IHRl
YW0pIDxzZWN1cml0eUBwYXJyb3QuYWk+iJkEExYKAEEWIQT+UYFvmjGkyjaiVvFk
v65nrQwHcAUCYqJjCgIbAwUJCWYBgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIX
gAAKCRBkv65nrQwHcLE3AQDN0v3qByIrvwWsO1aWu8n/6caxshvXz+5vapzoDdCA
JwEAz9nYK7snKRWdVbePLMO4/3YAGIbh2t22Cye+S+hQSwm4OARiomMKEgorBgEE
AZdVAQUBAQdA9y3AKAoJlxw+W9bAqv6XfQ8oPIghlklyk2C5sC4ToiIDAQgHiH4E
GBYKACYWIQT+UYFvmjGkyjaiVvFkv65nrQwHcAUCYqJjCgIbDAUJCWYBgAAKCRBk
v65nrQwHcPmqAQD5kTAjPTVzmTU6PC69Z2mrTPqtfRXh1tp4ghGXk2q3lAD/dDaI
BpF3tCKY6wbEoCAsEjQQ252RT8lYqz8wKRjXxQc=
=73DP

-----END PGP PUBLIC KEY BLOCK-----


Safe Harbor

When conducting vulnerability research according to this policy, we consider this research to be:

  • Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;
  • Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;
  • Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy; and
  • Lawful, helpful to the overall security of the Internet, and conducted in good faith.
  • You are expected, as always, to comply with all applicable laws.

If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please inquire via security@parrot.ai before going any further.