Responsible Disclosure Policy

Alii is committed to protecting the security and privacy of our customers, partners, and systems. We value the contributions of security researchers in helping us maintain a secure environment and welcome reports of potential vulnerabilities.

Scope

This policy applies to vulnerabilities found in:

• Alii-owned and operated systems, applications, and services
• Alii-developed software products
• Publicly accessible interfaces and APIs provided by Alii

It does not cover vulnerabilities in third-party services, systems, or products not under our direct control.

How to Report a Vulnerability

If you believe you have found a security vulnerability in an Alii system or product, please email security@myalii.cloud. After initial contact, we will provide you with secure submission instructions so you can share technical details safely. Technical details should include the following details:

• A clear, concise description of the vulnerability
• The systems, applications, or services affected
• Steps to reproduce the issue (including any proof-of-concept code or screenshots, if available)

Safe Harbour

If you follow this policy in good faith when reporting a vulnerability, we will:

• Consider your actions to be authorised under applicable laws
• Work with you to understand and resolve the issue quickly
• Not initiate legal action against you for your research

You must agree to:

• Avoid actions that could harm Alii systems, data, or users
• Not access, modify, or delete data
• Not publicly disclose the vulnerability until we have confirmed a fix

Our Commitment

• We will acknowledge your report within 5 business days.
• We will keep you informed of our progress.
• We will notify you when the vulnerability is resolved.

Recognition

While we do not offer monetary rewards, we maintain a Security Hall of Recognition on our website to acknowledge individuals who help improve our security.