Responsible security reporting
AYOHI takes security reports seriously. If you believe you have found a possible security vulnerability affecting an AYOHI website, app, game, tool, utility, software product, account feature, product page, or related digital service, please report it responsibly using the contact information on this page.
This page explains how to submit a security report, what information to include, what types of testing are not allowed, and how AYOHI may review security-related messages. It is intended for users, security researchers, developers, app-store reviewers, platform partners, and anyone who wants to report a possible security issue safely.
Last updated: July 7, 2026
What to report
Security reports should describe a real or suspected vulnerability that could affect users, accounts, data, software integrity, website functionality, platform safety, or product availability.
| Possible issue type | Examples | Useful details |
|---|---|---|
| Account or authentication issue | Unexpected access to an account, weak authorization behavior, session handling concerns, or sign-in-related security problems. | Product name, affected account flow, steps to reproduce, expected behavior, observed behavior. |
| Data exposure | Access to data that should not be visible, accidental exposure of user content, or incorrect permission handling. | Affected page, product, data type, impact, screenshots with sensitive data removed where possible. |
| Website vulnerability | Issues affecting public pages, forms, web tools, product pages, or website functionality. | URL, browser, device, request details, reproduction steps, and impact explanation. |
| App or software issue | Security behavior affecting an app, game, tool, utility, desktop product, or web product. | Product version, platform, device, operating system, screenshots, logs, and reproduction steps. |
| Configuration concern | Publicly exposed files, incorrect access settings, misconfigured endpoints, or unexpected service behavior. | Affected resource, URL or endpoint, safe proof of concept, and potential impact. |
| Abuse or misuse risk | Product behavior that could allow spam, impersonation, automation abuse, account misuse, or harmful activity. | Feature name, abuse scenario, possible impact, and suggested mitigation if available. |
What to include in a report
A clear report helps AYOHI understand, reproduce, and review a possible issue. Please include enough detail to explain the impact without exposing private information or performing harmful activity.
| Information | Why it helps |
|---|---|
| Affected product or page | Identifies which AYOHI website, app, game, tool, utility, endpoint, or product the report relates to. |
| Platform and version | Helps separate Android, iOS, web, desktop, browser, app-store, or version-specific behavior. |
| Steps to reproduce | Shows how the issue can be reviewed safely and consistently. |
| Impact explanation | Explains what could happen if the issue is confirmed and why it matters. |
| Proof of concept | Provides safe evidence without accessing, changing, deleting, or exposing real user data. |
| Contact information | Allows follow-up questions, clarification, and confirmation when appropriate. |
Email report template
You can use the format below when submitting a security report.
Subject: AYOHI Security Report
Affected product or page:
Platform:
Product version, browser, or device:
Summary of the issue:
Steps to reproduce:
Expected behavior:
Observed behavior:
Potential impact:
Safe proof of concept:
Your contact information:
Safe testing rules
Security testing must be limited, responsible, and designed to avoid harm. Reports should be based on safe observation or controlled proof of concept only.
Do not perform testing that could damage systems, disrupt services, expose private data, affect other users, bypass payment systems, overload infrastructure, or violate laws, platform rules, or third-party terms.
Activities that are not allowed
The following activities are not authorized by this Security Disclosure page.
| Not allowed | Examples |
|---|---|
| Unauthorized access | Accessing, attempting to access, modifying, deleting, copying, or exporting data that does not belong to you. |
| Service disruption | Denial-of-service testing, load testing, stress testing, resource exhaustion, or actions that reduce availability. |
| Social engineering | Phishing, impersonation, contacting users, contacting employees, attempting credential theft, or manipulating people. |
| Physical attacks | Attempts to access physical devices, offices, infrastructure, facilities, or personal equipment. |
| Malware or harmful payloads | Uploading malware, destructive files, ransomware, backdoors, credential stealers, or malicious scripts. |
| Spam and abuse testing | Sending spam, mass requests, fake registrations, fake reviews, abusive messages, or automated platform abuse. |
| Payment abuse | Bypassing purchases, manipulating subscriptions, abusing refunds, changing entitlement data, or testing payment fraud. |
| Privacy invasion | Viewing, storing, sharing, or publishing another user’s personal data, private content, account information, or messages. |
Out-of-scope reports
Some reports may be useful as product feedback but may not be treated as security vulnerabilities. AYOHI may route these reports to support, product review, or general feedback instead.
| Out-of-scope example | Where to send it instead |
|---|---|
| Broken links, spelling mistakes, design issues, or outdated text. | Support |
| Feature requests, product suggestions, or general feedback. | Support |
| Reports about third-party services that AYOHI does not control. | The relevant third-party provider. |
| Missing security headers on static pages without a clear exploit path. | Support or general website feedback, unless a real impact is demonstrated. |
| Self-XSS, browser-only behavior, or device-specific behavior without impact on other users or systems. | Support, unless a real security impact is clearly explained. |
| Automated scanner output without explanation, reproduction steps, or demonstrated impact. | Security contact only if impact is explained clearly and safely. |
How AYOHI reviews reports
After a report is received, AYOHI may review the information, ask for clarification, attempt to reproduce the issue, assess potential impact, prioritize the concern, and determine whether a fix, mitigation, product change, or third-party escalation is needed.
Response time may vary depending on the product, severity, available information, affected platform, third-party services, development status, and whether the issue can be reproduced.
No bounty program
Unless a separate program is announced in writing, AYOHI does not operate a paid bug bounty program. Submitting a report does not create an obligation for payment, reward, public credit, employment, contract work, or any other compensation.
AYOHI appreciates responsible reports that help protect users and improve products, but all reports must follow the safe testing rules on this page.
Confidentiality and public disclosure
Please do not publicly disclose a possible vulnerability before AYOHI has had a reasonable opportunity to review and address it. Public disclosure before review can increase risk for users, products, platforms, and third-party services.
Reports may include sensitive technical information. Do not include private user data, secrets, credentials, payment information, personal information, or confidential third-party data unless it is absolutely necessary to understand the issue, and never include data that was accessed without authorization.
Third-party services and platforms
Some AYOHI products may rely on third-party platforms such as app stores, cloud providers, payment providers, analytics services, authentication systems, social platforms, or hosting services.
If a vulnerability affects a third-party service directly, it may need to be reported to that third party under their own responsible disclosure process. AYOHI may not be able to fix issues in services it does not control.
Privacy during security reporting
Security reports may include contact details, technical information, product details, screenshots, logs, or other information provided by the reporter. AYOHI may use this information to review, reproduce, communicate about, and resolve the reported issue.
More information about privacy practices is available in the Privacy Policy. More information about the general data and security approach is available on the Data & Security page.
Security report contact
Use the official contact link below to submit a responsible security report related to AYOHI websites, apps, games, tools, utilities, software products, or related digital services.