At TrainHQ, we are committed to ensuring the security and integrity of our services. Our Bug Bounty Program is designed to encourage the identification and reporting of vulnerabilities in our software, helping us improve our system's security and protect our users. We invite security researchers and ethical hackers to contribute to this initiative responsibly.
Scope
TrainHQ’s web application
TrainHQ’s API services
Any subdomains of TrainHQ.ai that are publicly accessible
Denial of Service (DoS) attacks
Spamming
Social engineering (including phishing) of TrainHQ staff or contractors
Any physical attempts against TrainHQ property or data centers
Complete this bug bounty form
Provide a detailed summary of the vulnerability, including the environment in which it was discovered, a step-by-step guide to reproduce the issue, and any supporting material like screenshots or logs (if applicable)
Include your contact information for further communication.
Critical: $1,000
High: $500
Low and Medium: $50-$100 (*Please read the terms below)
I understand and agree that bug reports that are either (a) a best practice and not strictly an immediate security vulnerability, and/or (b) optional in nature, and/or (c) only impact TrainHQ's public website (and not its core product) are *not* eligible for a bug bounty award. Bugs that are dependent on a third party provider (such as Framer) to resolve are excluded from this bug bounty program. Participants must adhere to all applicable laws and regulations. Any actions taken that are deemed illegal or unethical will disqualify the participant from receiving any rewards and could result in legal action.
We appreciate your efforts in helping us ensure the security and privacy of our services at TrainHQ. We are committed to working with the community to resolve issues quickly and safely.