Bug Bounty Policy

We take security seriously. If you believe you've found a security vulnerability in our systems, we want to hear from you.

In-Scope Properties

The following domains and their subdomains are covered by this policy:

  • buildersacademy.ai
  • house.buildersacademy.ai
  • education.buildersacademy.ai

Reporting Instructions

  1. Email your findings to security@buildersacademy.ai.
  2. Include a clear description of the vulnerability.
  3. Provide step-by-step instructions or a proof of concept (PoC) to reproduce the issue.
  4. Include any relevant screenshots, scripts, or video recordings.

Program Rules & Safe Harbor

Rules:

  • Do not exploit the vulnerability further than necessary to demonstrate its presence.
  • Do not access, modify, delete, or exfiltrate user data.
  • Do not perform denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks.
  • Do not use automated scanners or tools that generate significant traffic.
  • Do not perform physical attacks, social engineering, phishing, or spam against our users, employees, or infrastructure.

Safe Harbor

If you conduct your security research and vulnerability reporting in accordance with this policy, we consider your actions authorized. We will not initiate legal action or law enforcement investigation against you for accidental, good-faith violations of this policy.

Rewards

At this time, we do not offer monetary rewards or a paid bug bounty program. We deeply appreciate community contributions and will offer public acknowledgment (Hall of Fame) for valid, actionable reports that lead to a fix.