FoloToy AI

Security Vulnerability Reporting

Effective Date: 2026-03-18

FOLOTOY CREATIVE PTE. LTD. ("FOLOTOY," "we," "our," or "us") is committed to the security of our products and services. We welcome and encourage security researchers and users to report any security vulnerabilities they discover.

How to Report a Security Issue

If you believe you have found a security vulnerability in any FOLOTOY product or service, please report it to us by emailing:

[email protected]

When reporting a vulnerability, please include as much detail as possible, such as:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • The product or service affected (including model, firmware version, or app version if applicable)
  • Any supporting evidence (screenshots, logs, proof of concept)

What to Expect

  • Acknowledgment: We will acknowledge receipt of your report within 5 business days.
  • Status Updates: We will provide regular status updates on our investigation and remediation efforts until the reported issue is resolved.
  • Resolution: We aim to resolve confirmed vulnerabilities as quickly as possible and will notify you when the issue has been addressed.

Responsible Disclosure

We kindly ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to investigate and address the issue. We are committed to working with researchers in good faith and will not take legal action against those who report vulnerabilities responsibly.

Scope

This policy applies to all FOLOTOY products and services, including but not limited to:

  • FOLOTOY AI toys (Fofo, Cactus, Panda-Momo, Teddy-Kumma, and all other models)
  • FOLOTOY mobile applications (iOS and Android)
  • FOLOTOY web application and website (folotoy.com)
  • FOLOTOY cloud services and APIs

Contact

Security issues: [email protected]

General enquiries: [email protected]