Responsible Disclosure

We take security seriously and welcome reports from security researchers. If you discover a vulnerability, please disclose it responsibly so we can address it promptly.

Scope

In-scope systems

console.jiegou.ai — Main application
mcp.jiegou.ai — MCP server
jiegou.ai — Marketing website
JieGou Chrome Extension — Browser extension (Chrome Web Store)

Out of scope

  • Third-party services (Firebase, AWS, Stripe, LLM providers)
  • Social engineering attacks against JieGou employees
  • Denial of service (DoS/DDoS) attacks
  • Physical security attacks
  • Automated scanning without prior approval
  • Any testing that could degrade service availability

Rules of engagement

  1. Do not access, modify, or delete customer data. If you accidentally access customer data, stop immediately and report it.
  2. Do not perform actions that could degrade service availability (no load testing, DoS, resource exhaustion).
  3. Use dedicated test accounts only. Create your own account for testing; do not test against other users' accounts.
  4. Report vulnerabilities promptly and allow reasonable time for remediation before public disclosure.
  5. Do not use automated scanners against production systems without prior written approval.
  6. Comply with all applicable laws.

How to report

Send reports to

security@jiegou.ai

Please include

  • Description of the vulnerability
  • Step-by-step reproduction instructions
  • Proof of concept (screenshots, videos, or code)
  • Impact assessment
  • Suggested remediation (optional)
  • Your contact information for follow-up

Response timeline

  1. Acknowledgment: 48 hours
  2. Triage and severity assessment: 5 business days
  3. Remediation (Critical): 7 days
  4. Remediation (High): 30 days
  5. Remediation (Medium/Low): 90 days

Safe Harbor

JieGou will not pursue legal action against researchers who:

  • Follow this policy and the rules of engagement
  • Report vulnerabilities in good faith
  • Do not exploit vulnerabilities beyond what is necessary to demonstrate them
  • Do not access, modify, or exfiltrate customer data

This responsible disclosure policy does not constitute an employment or contractor relationship. JieGou reserves the right to modify this policy at any time.