Security

We take security seriously. Learn about our practices and how to report vulnerabilities.

Our Security Commitment

At Gradulo, protecting our users' data—especially children's data—is our top priority. We implement industry-standard security practices to ensure your information is safe:

  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Secure authentication with password hashing (bcrypt)
  • Regular security audits and penetration testing
  • Strict access controls and audit logging
  • Infrastructure hosted on secure, SOC 2-compliant providers

🛡️ Vulnerability Disclosure Program

We believe in working with the security community to keep Gradulo safe. If you discover a security vulnerability, we want to hear from you.

How to Report

Please send your security report to:

security@gradulo.com

What to Include

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Any proof-of-concept code (if applicable)
  • Your contact information for follow-up

Rewards

We may offer rewards for responsibly disclosed security vulnerabilities based on the severity and impact of the issue. Contact us to learn more.

Responsible Disclosure Guidelines

To qualify for our bounty program, please follow these guidelines:

  • Report vulnerabilities promptly after discovery
  • Give us a reasonable time to fix issues before public disclosure (90 days)
  • Do not access, modify, or delete data belonging to other users
  • Do not perform actions that could harm the service or its users
  • Do not use automated scanning tools that generate excessive traffic
  • Only test against your own accounts

Out of Scope

The following are typically not eligible for rewards:

  • Social engineering attacks (phishing, etc.)
  • Denial of service attacks
  • Issues in third-party services or dependencies
  • Already known or previously reported issues
  • Issues that require physical access to a user's device
  • Vulnerabilities affecting outdated browsers

Our Response Timeline

  • Initial Response: Within 48 hours
  • Severity Assessment: Within 7 days
  • Fix Timeline: Depends on severity (critical issues are prioritized)
  • Bounty Payment: Within 30 days of fix confirmation

Questions?

For security-related questions or to report a vulnerability:

security@gradulo.com

For general support inquiries, please contact support@gradulo.com.