Bug Bounty

TrainHQ's Bug Bounty Program

At TrainHQ, we are committed to ensuring the security and integrity of our services. Our Bug Bounty Program is designed to encourage the identification and reporting of vulnerabilities in our software, helping us improve our system's security and protect our users. We invite security researchers and ethical hackers to contribute to this initiative responsibly.

Scope

The Bug Bounty Program applies to the following services:

TrainHQ’s web application
TrainHQ’s API services
Any subdomains of TrainHQ.ai that are publicly accessible

Exclusions

The following testing methods are not allowed and will be considered violations of this policy:

Denial of Service (DoS) attacks
Spamming
Social engineering (including phishing) of TrainHQ staff or contractors
Any physical attempts against TrainHQ property or data centers

Vulnerability reporting guidelines

To report a security vulnerability, please follow these steps:

Send your findings to security@trainhq.ai
Provide a detailed summary of the vulnerability, including the environment in which it was discovered, a step-by-step guide to reproduce the issue, and any supporting material like screenshots or logs (if applicable).
Include your contact information for further communication.

Please do not disclose the bug to others until it has been resolved and refrain from using the vulnerability to access, modify, harm, or retain data without TrainHQ's permission.

Rewards

Rewards will be offered for reports of significant vulnerabilities based on the severity and impact of the vulnerability. The determination of what constitutes a significant vulnerability is at the sole discretion of TrainHQ's security team.

Below are the bounty amounts for each severity level:

Critical: $5,000
High: $900
Low and Medium: $50-$500 (*Please read the terms below)
  • Bugs that exclusively impact TrainHQ's public website and do not impact TrainHQ's core product are generally considered low priority unless a clear case can be made for a greater severity, which is at TrainHQ's sole discretion to adjudicate. Bugs that are dependent on a third-party provider (such as Framer) to resolve are excluded from this bug bounty program. Participants must adhere to all applicable laws and regulations. Any actions taken that are deemed illegal or unethical will disqualify the participant from receiving any rewards and could result in legal action.

Thank you

We appreciate your efforts in helping us ensure the security and privacy of our services at TrainHQ. We are committed to working with the community to resolve issues quickly and safely.