Welcome to the Smith.ai Responsible Disclosure Program
I. Overview
The following terms of use (the “Terms of Use”) apply when you access or use the Smith.ai Responsible Disclosure Program and any related website or reporting channel (collectively, the “Site”). By accessing or using the Site, you agree to comply with and be bound by these Terms of Use. If you do not agree to these Terms of Use, you must not access or use the Site.
Smith.ai provides this Responsible Disclosure Program to allow security researchers and members of the public to report potential security vulnerabilities in good faith. If Smith.ai determines, in its sole discretion, that a reported security vulnerability complies with these Terms of Use and any applicable disclosure guidelines, Smith.ai will not pursue legal action against you for security research conducted in good faith and in compliance with these Terms of Use and applicable law.
This Responsible Disclosure Program is a voluntary security reporting initiative only and is not a bug bounty program.
II. Privacy Policy
We respect the privacy of participants in our Responsible Disclosure Program. Please review our Privacy Policy to understand how we collect, use, and disclose information. By accessing or using the Site, you agree to our Privacy Policy.
III. Eligibility Requirements
You agree that you will not, under any circumstances:
- Cause harm to Smith.ai, its customers, users, or others;
- Be a resident of, or make your Submission from, a country or region subject to U.S. export sanctions or trade restrictions;
- Be listed on any U.S. government list of prohibited or restricted parties;
- Violate any applicable national, state, or local law or regulation;
- Compromise the privacy, safety, or data of Smith.ai or its customers;
- Store, share, retain, misuse, or destroy Smith.ai or customer data;
- Engage in testing that degrades, disrupts, or damages our services; or
- Participate if you are under 14 years of age. If you are a minor in your jurisdiction, you must obtain parental or legal guardian consent prior to participation.
If Smith.ai determines that you do not meet these criteria, we reserve the right to disqualify you from participation in the Responsible Disclosure Program.
Any vulnerability reports submitted through the Site shall be considered “Submissions” under these Terms of Use.
IV. Posting and Conduct Restrictions
By submitting any Submission, you represent and warrant that:
- You are solely responsible for your activities;
- Your Submission is original to you and does not violate any third-party rights;
- You have not exploited the vulnerability beyond what is reasonably necessary to demonstrate its existence;
- You have not accessed, modified, deleted, or exfiltrated data beyond the minimum necessary to demonstrate the issue;
- You will not publicly disclose the vulnerability until Smith.ai has had a reasonable opportunity to investigate and remediate the issue;
- You will not demand payment or threaten disclosure in exchange for compensation;
- You will not conduct denial-of-service attacks, social engineering, phishing, spam, or physical attacks; and
- You will not introduce malicious software or attempt to disrupt systems.
Smith.ai reserves the right to determine whether any Submission complies with these Terms of Use and to remove, reject, or disregard any Submission at its sole discretion.
V. Access Limitation; Appropriate Action
Smith.ai reserves the right to limit, suspend, or terminate access to the Site or Responsible Disclosure Program at any time if a participant violates these Terms of Use or engages in conduct that Smith.ai determines to be unlawful, abusive, harmful, or inconsistent with responsible security research.
VI. No Compensation; No Bug Bounty Program
Smith.ai’s Responsible Disclosure Program is not a bug bounty program.
Smith.ai does not offer, and expressly disclaims, any monetary reward, bounty, payment, compensation, reimbursement, or other remuneration for any Submission.
By submitting a Submission, you acknowledge and agree that:
- You are acting voluntarily.
- You have no expectation of compensation.
- You are not entitled to payment or financial reward of any kind.
- No contract, promise, or obligation of compensation is created by your Submission.
- Smith.ai’s review, validation, acknowledgment, remediation, or use of your Submission does not create any right to compensation.
Smith.ai may, at its sole discretion, choose to publicly acknowledge individuals who submit valid reports. Such acknowledgment does not create any obligation of payment or reward.
Any attempt to condition disclosure upon payment, or to threaten public disclosure in exchange for compensation, may result in removal from the program and potential legal action.
VII. License Grant
By submitting a Submission, you grant Smith.ai and its affiliates a perpetual, irrevocable, worldwide, royalty-free, fully paid-up license to use, reproduce, modify, create derivative works from, distribute, disclose, and otherwise use the information contained in your Submission for any lawful purpose.
You represent that you have all rights necessary to grant this license.
You acknowledge that your Submission is provided without expectation of compensation.
VIII. Intellectual Property
Smith.ai and its licensors retain all rights, title, and interest in and to the Site and all related intellectual property. Nothing in these Terms of Use grants you any ownership rights in Smith.ai’s systems, software, or materials.
IX. Disclaimer; Limitation of Liability
THE SITE AND RESPONSIBLE DISCLOSURE PROGRAM ARE PROVIDED “AS IS” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, SECURITY, ACCURACY, OR NON-INFRINGEMENT.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, SMITH.AI SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING LOSS OF PROFITS, DATA, GOODWILL, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR RELATED TO YOUR USE OF OR PARTICIPATION IN THE RESPONSIBLE DISCLOSURE PROGRAM.
X. Confidentiality
Any non-public information you obtain regarding Smith.ai or its customers during participation in the Responsible Disclosure Program (“Confidential Information”) must be kept confidential and used solely for purposes of responsible disclosure.
You may not disclose Confidential Information without Smith.ai’s prior written consent.
XI. Indemnification
You agree to defend, indemnify, and hold harmless Smith.ai, its officers, directors, employees, and agents from and against any claims, damages, liabilities, losses, or expenses (including reasonable attorneys’ fees) arising out of or related to:
- Your violation of these Terms of Use;
- Your violation of applicable law; or
Any claim that your Submission infringes upon or violates the rights of a third party.
XII. Modifications
Smith.ai may amend these Terms of Use at any time. Continued participation in the Responsible Disclosure Program after changes are posted constitutes acceptance of the revised Terms.
XIII. Governing Law; Venue
These Terms of Use are governed by the laws of the State of California, without regard to conflict of law principles. Any disputes arising out of these Terms shall be brought exclusively in the state or federal courts located in San Mateo County, California, and you consent to such jurisdiction and venue.
XIV. Contact Information
If you have questions regarding these Terms of Use, please contact:
.svg)
