As a part of Scholify’s commitment to a seamless user experience, we reward contributors who share with us the reports of any bugs or errors affecting a seamless experience. We make it a priority to resolve the reported issues as quickly as possible in order to best serve our users. Scholify also offers public recognition for those who report valid bugs and any suggestions towards improving/solving them.

Eligibility and Participation Requirements

In order to be eligible for an Scholify Bug Bounty Program, the issue must occur on the latest publicly available versions of the Scholify Android/iOS app or the website. These eligibility rules are meant to protect our users until an update is available, ensure Scholify can quickly verify reports and create necessary updates, and properly reward those doing original research. Researchers must:

To participate in this bug bounty you must:

To qualify for a bounty you must:

Report and Payout Guidelines

The goal of the Scholify Bug Bounty Program is to ensure a smooth, safe, and seamless experience to our users through understanding both vulnerabilities and their effects. Reports that include a basic proof of concept instead of a working exploit are eligible to receive no more than 50% of the maximum payout amount. Reports lacking necessary information to enable Scholify to efficiently reproduce the issue will result in a significantly reduced bounty payment, if accepted at all. A complete report includes:

The more details provided in the initial report, the easier it will be for Scholify to evaluate your report.

Sending your report

Send your report by email to Include all relevant videos, images, crash logs, and system diagnosis reports in your email.

Terms and Conditions

You must not disrupt, compromise, or otherwise damage data or property owned by Scholify or other parties. This includes attacking any devices or accounts other than your own (or those for which you have explicit, written permission from their owners), and using phishing or social engineering techniques.

  1. You must not disrupt Scholify services.
  2. Immediately both stop your research and notify Scholify on the email before any of the following occur:
    • You access any accounts or data other than your own (or those for which you have explicit, written permission from their owners).
    • You disrupt any Scholify service
  3. You must comply with all applicable laws, including local laws.
  4. Scholify Bug Bounty Program payments are granted solely at the exclusive discretion of Scholify.
  5. You are responsible for the payment of all applicable taxes, if any.
  6. A participant in the Scholify Bug Bounty Program (“SBBP Participant”) will not be deemed to be in breach of applicable Scholify license provisions which provide that a user of Scholify may not copy, decompile, reverse engineer, disassemble, attempt to derive the source code of, decrypt, modify, or create derivative works of such Scholify, for in scope actions performed by that SBBP Participant where all of the following are met:
    • The actions were performed during good-faith security research, which was — or was intended to be — responsibly reported to Scholify;
    • The actions were performed strictly during participation in the Scholify Bug Bounty Program; and
    • Neither the actions nor the SBBP Participants have otherwise violated these policies such as violating legal requirements 1, 2, and 3, above.

If you follow the program terms, we will not initiate a lawsuit or law enforcement investigation against you in response to your report. Please understand that this waiver does not apply to your security research that involves the networks, systems, information, applications, devices, products, or services of another party (which is not Scholify). We cannot and do not authorize security research in the name of other entities.

Confidentiality Obligations

“Confidential Information” means any information that is marked or otherwise designated as confidential at the time of disclosure or that a reasonable person would consider confidential based on the circumstances and content of the disclosure, and which is disclosed in connection with a Scholify Bug Bounty Program. Confidential Information does not include information that: (i) is or becomes known to the receiving party from a source other than one having an obligation of confidentiality to the disclosing party; (ii) is or becomes publicly known or otherwise ceases to be confidential, except through a breach of this Agreement; or (iii) is independently developed by the receiving party.

Before engaging in any testing or submitting findings you agree that you will (i) hold in confidence and not disclose to any third party any Confidential Information, except as approved in writing by disclosing party; (ii) protect such Confidential Information with at least the same degree of care that the Researcher uses to protect its own Confidential Information, but in no case, less than reasonable care; (iii) use the disclosing party’s Confidential Information for no purpose other than the use permitted by the disclosing party; and (iv) immediately notify disclosing party upon discovery of any loss or unauthorized disclosure of disclosing party’s Confidential Information

ALL SUBMISSIONS ARE CONFIDENTIAL INFORMATION OF THE PROGRAM OWNER UNLESS OTHERWISE STATED IN THE BOUNTY BRIEF. This means no submissions may be publicly disclosed at any time unless the Program Owner has otherwise consented to disclosure.

Good Faith Participation

All participants in the Bug Bounty Program must act in good faith when investigating vulnerabilities. "Good Faith" means:

Failure to act in good faith will result in immediate disqualification from the Bug Bounty Program and ineligibility for receiving any benefit of the Bug Bounty Program.

Intellectual Property

By submitting your content to Scholify (your “Submission”), you agree that Scholify may take all steps needed to validate, mitigate, and disclose the vulnerability, and that you grant Scholify any and all rights to your Submission needed to do so.
For any further support, write to us at