SLEEPAL Security & Vulnerability Disclosure Policy

Last Updated: March 29, 2026

At Sleepal, we are committed to ensuring the security of our users and the integrity of our products. We welcome feedback from users to help us improve the safety of our contactless sleep AI system.

  1. How to Report a Vulnerability

If you discover a potential security vulnerability in the Sleepal® AI Lamp or the Sleepal App, please report it to us through the following channel:

  • Official Email: security@sleepal.ai

  • Response Time: Our security team will acknowledge receipt of your report within 48 hours and provide a preliminary assessment.

What to include in your report:

  • A detailed description of the vulnerability.

  • Steps to reproduce the issue (PoC).

  • The affected firmware or app version.

  • Your contact information for follow-up.

Note: To protect our users, we request that you keep any information regarding the vulnerability confidential until we have had the opportunity to investigate and address the issue.

2. Prohibited Activities

While we encourage security research, the following actions are strictly prohibited:

  • Performing Denial of Service (DoS) attacks or activities that disrupt our services.

  • Disclosing sensitive information to third parties before a fix is released.

3. Software Support & Security Maintenance Period

In compliance with international and Australian cybersecurity standards for IoT devices, Sleepal provides a clear commitment to security maintenance:

  • Minimum Support Period: We commit to providing security updates and bug fixes for the Sleepal® AI Lamp for at least 2 years from the launch day.

  • Update Method: Security patches will be delivered automatically via Over-the-Air (OTA) updates through the Sleepal App. We recommend users always keep their devices connected to Wi-Fi to receive the latest protection.

  • End-of-Life (EOL) Transparency: When the product reaches its end-of-support date, we will notify users through the app and update our website accordingly.