Scam AI builds deepfake and synthetic-media detection technology. We take the security of our systems, models, and our users' data seriously, and we appreciate the work of security researchers acting in good faith.

Please do not report security vulnerabilities through public GitHub issues.

Email contact@scam.ai with the subject line [SECURITY], and include:

• A description of the issue and its potential impact
• Steps to reproduce (proof-of-concept code, screenshots, or recordings are welcome)
• The affected product, API endpoint, or repository
• Your contact information for follow-up

• Acknowledgment within 2 business days
• Initial assessment within 5 business days
• We will keep you informed of remediation progress, and credit you in any disclosure unless you prefer to remain anonymous

In scope: scam.ai web properties and APIs, our public repositories, and our published SDKs and desktop applications.

Out of scope: denial-of-service testing, social engineering of Scam AI staff, physical attacks, and third-party services we do not control.

We will not pursue legal action against researchers who make a good-faith effort to follow this policy, avoid privacy violations and service disruption, and allow us reasonable time to remediate before public disclosure.