Security & vulnerability disclosure

We take the security of Kiki and the workspaces that trust it seriously. If you believe you have found a vulnerability, we want to hear from you, and we will treat your report with urgency and respect.

How to report

Email [email protected] with:

  • A description of the issue and where it lives (kikitranslate.com, the account/checkout flow, or the Kiki Slack app itself)
  • Steps to reproduce, a proof of concept, or anything that helps us see what you saw
  • Your assessment of impact, if you have one

Please use English if you can; if not, write in any language and Kiki's own translation will earn its keep.

What to expect from us

  • Acknowledgement of your report within 2 business days
  • An assessment and severity triage within 7 days, with a remediation plan for confirmed issues
  • A fix for confirmed critical issues as our top engineering priority, and a note to you when it ships
  • Credit for the finding if you want it, silence if you prefer

Scope

In scope: this website, the sign-in and checkout flows at kikitranslate.com, the Kiki Slack application (OAuth, webhooks, message handling), and our handling of workspace data. Out of scope: denial of service, volumetric attacks, social engineering of our staff or users, physical attacks, and findings in third-party services we use (Slack, PayPal, Cloudflare, and our model providers) unless the flaw is in how Kiki integrates them.

Safe harbor

We will not pursue legal action against good-faith security research that respects this policy: make a genuine effort to avoid privacy violations, data destruction, and service disruption; use test workspaces rather than other people's data where possible; and give us reasonable time to remediate before disclosing publicly. We currently do not run a paid bug bounty, but we are grateful, and we say so publicly if you let us.

This policy covers the Kiki Slack app and kikitranslate.com, operated by ARTranslation Technologies (OPC) Pvt. Ltd. Last updated: July 2026.