Responsible Disclosure

Found a security issue?
We want to know.

We believe in radical transparency. If you find a vulnerability in SightCoach™, report it here. We will acknowledge it, fix it, and credit you — no legal threats, no silence.

Our Commitment

What we promise to you

If you report a security vulnerability to us in good faith, we commit to:

  • Acknowledge your report within 48 hours — you will hear back from us, not silence
  • Keep you informed of our progress — we will update you as we investigate and fix the issue
  • Not take legal action against you — good-faith security research is welcome here
  • Credit you publicly — if you choose, we will acknowledge your contribution on this page
  • Fix it — we will address valid vulnerabilities as quickly as our resources allow

We are a small team. We do not have a dedicated security department. But we take this seriously and we will respond.

Scope

What's in scope and what's not

In Scope — Report These

  • Authentication bypass or account takeover
  • SQL injection or database exposure
  • Cross-site scripting (XSS)
  • CSRF vulnerabilities
  • Sensitive data exposure
  • Server-side request forgery (SSRF)
  • API key or credential exposure
  • Unauthorized access to user data
  • Screen/camera/voice data leakage

Out of Scope — Please Don't

  • Denial of service (DoS/DDoS) attacks
  • Social engineering of our team
  • Physical attacks on infrastructure
  • Spam or phishing campaigns
  • Vulnerabilities in third-party services (OpenAI, Stripe, etc.)
  • Issues requiring unlikely user interaction
  • Automated scanning without prior notice

Submit a Report

Report a vulnerability

Your report is sent directly to The AiRT Group security team. If you prefer, you can also email security@sightcoach.ai directly.

Hall of Thanks

Acknowledged contributors

No reports have been received yet. Be the first to find something and we will list you here — with your permission.