1. Introduction

Scholar iQ is committed to maintaining the security, integrity, and availability of its platforms, services, and user data. We appreciate the efforts of security researchers and members of the cybersecurity community who help identify vulnerabilities through responsible disclosure.

This Vulnerability Disclosure Policy outlines how to report potential security issues and defines expectations for responsible testing and disclosure.

2. Scope

This policy applies to security vulnerabilities discovered in Scholar iQ–owned web applications, APIs, platforms, and digital services.

Vulnerabilities affecting third-party services, partner institutions, or external platforms not controlled by Scholar iQ are outside the scope of this policy.

3. Responsible Disclosure Expectations

  • Conduct testing in good faith and avoid unnecessary disruption to services.
  • Do not exploit vulnerabilities beyond what is required to demonstrate impact.
  • Do not access, modify, store, or disclose personal, confidential, or proprietary data.
  • Avoid social engineering, phishing, denial-of-service attacks, spamming, or physical access attempts.
  • Submit one vulnerability per report unless issues are interdependent.
  • Maintain confidentiality and do not publicly disclose vulnerabilities until Scholar iQ has had reasonable time to remediate.

4. Good Faith Safe Harbor

Scholar iQ supports responsible security research conducted in accordance with this policy.

We will not initiate legal action against researchers who make a good faith effort to comply with this policy and avoid harm to users or systems.

5. How to Report a Vulnerability

When submitting a vulnerability report, please include:

  • A clear description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • Affected URLs, endpoints, APIs, or components
  • Screenshots, logs, or proof-of-concept (if available)

Reports should be written in English and include sufficient detail to enable validation and remediation.

6. Scholar iQ Response Process

Upon receiving a valid vulnerability report, Scholar iQ aims to:

  • Acknowledge receipt of the report within a reasonable timeframe
  • Assess and validate the reported issue
  • Prioritize remediation based on severity and impact
  • Implement fixes as appropriate

Scholar iQ does not currently operate a bug bounty or monetary reward program.

7. Reporting Non-Security Issues

Issues unrelated to security vulnerabilities—such as support requests, content corrections, or service inquiries—should be reported through standard support channels on the Scholar iQ website.

8. Limitation of Liability

Scholar iQ is not responsible for disruptions, damages, or losses arising from unauthorized testing activities that fall outside the scope of this policy or violate applicable laws.

9. Contact Information

To report a security vulnerability or for security-related inquiries, please contact:

Scholar iQ Security Team
Email: [email protected]

For non-security inquiries, please visit our Contact Page.