Vulnerability Disclosure Program
At Lema, the security of our platform and the protection of our customers' data are top priorities. We value the contributions of security researchers and the broader community in helping us maintain a secure environment. If you believe you have discovered a security vulnerability in any Lema-owned asset, we encourage you to report it to us responsibly.
Scope
In-Scope
This program covers vulnerabilities found in:
- Lema's web applications and APIs
- Lema's production infrastructure
- Any Lema-owned domains or subdomains
Out of Scope
The following are not covered by the program:
- Third-party services or integrations not owned by Lema
- Social engineering attacks (e.g., phishing) against Lema employees
- Denial-of-service (DoS/DDoS) attacks
- Physical security issues
How to Report
Please submit vulnerability reports to: security@lema.ai
Include the following in your report:
- A detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any supporting evidence (screenshots, proof-of-concept code, logs)
Our Commitment
- We will acknowledge receipt of your report within 3 business days.
- We will provide an initial assessment within 10 business days.
- We will keep you informed of our progress toward remediation.
- We will not pursue legal action against researchers who report vulnerabilities in good faith and comply with this policy.
Researcher Guidelines
- Do not access, modify, or delete data belonging to other users.
- Do not perform actions that could degrade Lema's services or harm our users.
- Do not publicly disclose vulnerability details until Lema has had a reasonable opportunity to remediate the issue.
- Act in good faith and comply with all applicable laws.
Recognition
We appreciate the efforts of security researchers who help keep Lema and our customers safe. With your permission, we are happy to publicly acknowledge your contribution.
Contact
For all security-related inquiries, please contact us at: security@lema.ai
