Skip to main content

Security Reporting Policy

At Lotly, we prioritize data security and believe that collaborating with skilled security researchers helps us uncover and address any vulnerabilities in our technology.

If you suspect you've discovered a security flaw in Lotly's services, please contact us. We will work together to swiftly resolve the issue.

Disclosure Policy

Report any security incidents, potential vulnerabilities, or security-related questions to privacy@lotly.ai. This is the same shared inbox that handles privacy, data-protection, and DSAR requests, so a single message reaches the people who need to triage it. We will respond promptly.

Please allow us adequate time to address the issue before publicly disclosing it or sharing it with third parties.

We ask that you avoid actions that could compromise privacy, damage data, or disrupt Lotly's services. Only interact with accounts you own or those for which you have explicit authorization from the account holder.

Scope

In scope: lotly.ai and its subdomains, and Lotly-operated web applications served from those domains.

Out of scope: production systems and databases containing live consumer-report or tenant data, third-party services and infrastructure not operated by Lotly, and Subscribers' own websites and systems. If you encounter personal information, consumer-report data, or another user's data during research, stop immediately, do not access, copy, download, or retain it, and report what you found to us. Do not exfiltrate data under any circumstances.

Safe Harbor

Security research conducted in good faith and in accordance with this policy is considered authorized, and Lotly will not initiate legal action against you for it. If a third party brings legal action against you for research that complied with this policy, we will make it known that your activities were conducted in accordance with this policy.

Exclusions

While conducting research, please refrain from the following activities:

  • Distributed Denial of Service (DDoS) attacks
  • Spamming
  • Social engineering or phishing attempts targeting Lotly employees or contractors
  • Any attacks on Lotly's physical property or data centers

Thank you for your efforts in helping us safeguard Lotly and our users!

Updates

These guidelines may be updated periodically. The latest version will always be available on this page.

We welcome your feedback, questions, and suggestions. Feel free to reach out to us at privacy@lotly.ai.

Sign up for our mailing list

Stay posted on new products, discounts, and news.

Disclaimer: By submitting your email you agree to our Privacy Policy and Terms, and consent to receive marketing emails from Lotly. You can unsubscribe at any time using the link in any email.