Security Contact and Responsible Disclosure
Version: v1.0
Last updated: 13.07.2026
Next review: 01.10.2026
This page provides instructions and contact details for reporting security incidents, vulnerabilities, and privacy concerns on the Lyyli.ai platform. It defines responsible disclosure rules for security researchers and IT specialists and clearly excludes certain attack types and testing methods.
We take the security of our systems and our customers' privacy very seriously. If you discover a possible security vulnerability or privacy concern during testing or everyday use, or wish to ask about contractual or processing matters, please contact our specialists directly.
- Security findings and vulnerabilities: security@lyyli.ai
- Privacy, contracts, and GDPR questions: privacy@lyyli.ai
- General support requests: hello@lyyli.ai
Responsible disclosure principles
If you are a security researcher or IT specialist and have found a possible vulnerability in our systems, please follow these cooperation practices:
- Do not harm customer data: Do not attempt to access, modify, or delete data you are not explicitly authorised to use.
- Document your finding clearly: Describe the issue, steps to reproduce, and a proof-of-concept demonstration, plus affected system components in detail.
- Allow time for investigation and remediation: Give us reasonable time to investigate and fix the issue securely before public disclosure.
- Our response time: We aim to respond and acknowledge valid reports within 5 business days of receipt.
Limitations and prohibited methods
The following methods and attack types are outside our responsible disclosure practice and are strictly prohibited on our systems:
- Social manipulation, phishing, or other attacks targeting Lyyli staff, partners, or customers.
- Denial of service attacks (DoS/DDoS) or other actions that may slow or disrupt normal platform operation.
- Internal issues in third-party services or subprocessors without a directly demonstrable impact on the Lyyli platform.