Effective Date: 4/1/2026

At this time, we do not operate a formal public bug bounty program, nor do we engage third-party platforms such as HackerOne or Bugcrowd to administer one.

However, we recognize the important role that the security research community plays in identifying potential vulnerabilities, and we are committed to maintaining a strong security posture through responsible disclosure practices. We actively encourage security researchers, customers, and partners to report suspected security vulnerabilities to us through a designated disclosure channel at security@ff-ai.com.

All submitted reports are reviewed and triaged by our internal engineering and security teams in accordance with established incident response and vulnerability management processes. Valid findings are prioritized based on severity and potential impact, and we work to remediate issues in a timely and controlled manner. When appropriate, we may engage directly with the reporting party to gather additional context or coordinate resolution.

While we do not currently offer monetary rewards for vulnerability disclosures, we value and appreciate the efforts of individuals who help improve the security of our systems. As part of our ongoing commitment to security and continuous improvement, we periodically evaluate the potential implementation of a formal bug bounty program as our security program matures.

Contact Us

If you have any questions or concerns about this Policy, or you would like to make a request, please contact us at: Legal@ff-ai.com.