Security & Responsible Disclosure Policy

Responsible Disclosure

We take the security of INITE Education platform seriously. If you discover a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

What to Include in Your Report

• Description of the vulnerability
• Steps to reproduce the issue
• Potential impact of the vulnerability
• Any suggested fixes or mitigation steps
• Your contact information (if you wish to be credited)

Our Commitment

When you report a security issue, we commit to:

• Respond to your report within 48 hours
• Keep you informed about the progress of fixing the issue
• Credit you for the discovery (if you wish) once the issue is resolved
• Not take legal action against researchers who follow responsible disclosure practices

Our Security Practices

• Regular security audits and updates
• Encryption of sensitive data in transit and at rest
• Secure API communication with authentication
• Rate limiting and abuse prevention
• Regular dependency updates and vulnerability scanning
• GDPR compliance and user privacy protection

Scope

The following are in scope for security reports:

• inite.education (main platform)
• API endpoints
• Authentication and authorization systems
• Data storage and handling

Out of scope:

• Social engineering attacks
• Physical security issues
• Denial of Service (DoS/DDoS) attacks
• Issues in third-party services we use

Safe Harbor

We support safe harbor for security researchers who:

• Make a good faith effort to avoid privacy violations and disruptions
• Do not access or modify data that doesn't belong to them
• Give us reasonable time to respond before public disclosure
• Do not exploit the vulnerability beyond what is necessary to demonstrate it