Skip to main content
ASIRI

Report security issues safely.

Asiri welcomes coordinated vulnerability reports that help protect customer tenants, evidence records, and public trust surfaces.

Email security Trust & security
Effective: 31 May 2026 · Version 1.0

What to send

Include the affected URL or API route, reproduction steps, impact, tenant context if relevant, screenshots or logs with secrets redacted, and a safe proof of concept.

Keep data safe

Do not access, modify, delete, exfiltrate, or retain customer data. If you encounter data, stop testing and report immediately.

How we respond

We acknowledge valid reports, triage severity, preserve an internal audit trail, and coordinate remediation before public disclosure where applicable.

Scope

What researchers may test

In scope

  • asiri.ng and public marketing pages
  • app.asiri.ng authenticated application surfaces
  • docs.asiri.ng developer documentation
  • Public APIs and webhook verification paths owned by Asiri
  • Authentication, authorization, tenant isolation, and evidence-export flows

Out of scope

  • Denial-of-service or traffic-volume testing
  • Social engineering, phishing, or physical attacks
  • Spam, content injection without security impact, or scanner-only findings
  • Issues in third-party services unless they expose Asiri customer data
  • Testing against customer tenants or data without written authorization
Rules

Safe-harbor expectations

Good-faith testing

If you act in good faith, stay within this policy, avoid privacy harm, and give us reasonable time to remediate, Asiri will not initiate legal action for the research activity itself. This does not authorize access to customer data, destructive testing, or violation of third-party terms.

Disclosure process

  1. 1. Email security@asiri.ng with the report and safe proof of concept.
  2. 2. We acknowledge receipt and may ask for clarifying detail.
  3. 3. We triage severity, assign an owner, and preserve an audit record.
  4. 4. We remediate, verify, and coordinate any public credit or disclosure.
Contact

Send reports to the security team

security@asiri.ng

Use the subject line "Security report" and include enough detail for us to reproduce the issue without accessing live customer data.

Email security