At Alpha Nodus, we take the security of our platform seriously. As part of our commitment to maintaining the highest security standards, we welcome the participation of security researchers and the broader community in our Bug Bounty Program.
Program Objectives
Our Bug Bounty Program is designed to encourage security research into our platform and to reward those who help us make the internet a safer place.
Scope
We invite you to test our Gravity AI platform, including our APIs and any other publicly accessible services. However, any services not explicitly listed here are out of scope and should not be tested.
Rules of Engagement
We ask that all researchers:
- Do not cause harm to our users or the Gravity platform.
- Avoid violating privacy, disrupting our systems, or destroying data.
- Report bugs as soon as they are discovered.
- Do not disclose the bug to the public before it has been resolved.
- Follow any additional rules as specified.
Researchers who follow these guidelines will be protected by our safe harbor clause and will not face legal action for their research.
Bug Classification and Rewards
Our rewards are based on the severity of the vulnerability, which we determine based on its impact and exploitability. We offer a range of rewards, from $100 for low severity bugs to $500 for critical bugs.
Reporting
Please submit your findings via our bug reporting form. Include detailed steps to reproduce the bug, any relevant screenshots or proof of concept code, and your assessment of its impact.
Legal
By participating in our Bug Bounty Program, you agree to abide by our terms and conditions mentioned below.
Contact Us
If you have any questions about our Bug Bounty Program, feel free to contact us at security@alphanodus.com
Terms and Conditions
By participating in the Alpha Nodus Bug Bounty Program (the "Program"), you agree to abide by these terms and conditions:
- Eligibility: To be eligible for the Program, you must not be a resident of any country under U.S. sanctions or any other country that does not allow participation in such programs. You must also not be an employee or contractor of Alpha Nodus or an immediate family member of such an employee or contractor.
- Scope: Only those systems explicitly listed in the Program are considered in-scope for vulnerability testing. Any behavior outside of this scope will not be rewarded and may be considered a violation of these terms and conditions.
- Responsible Disclosure: You agree to report any vulnerability you discover immediately to Alpha Nodus, and not to disclose it to anyone else until it has been resolved. You also agree not to exploit the vulnerability in any way, including by extracting more data than necessary to demonstrate the vulnerability.
- Safe Harbor: If you comply with these terms and conditions, Alpha Nodus commits not to initiate legal action against you in relation to your research under this Program.
- Determining Rewards: Alpha Nodus has sole discretion in determining the eligibility and amount of any reward. In general, rewards will be determined based on the severity of the vulnerability and the quality of the report.
- No Malicious Activity: You agree not to engage in any activity that could harm Alpha Nodus or its users, or that violates any applicable laws or regulations.
- Modification and Termination of the Program: Alpha Nodus reserves the right to modify or terminate this Program at any time without notice.
- Independent Contractor: You acknowledge that you are participating in the Program as an independent contractor and not as an employee of Alpha Nodus.
- Confidentiality: You agree to keep confidential any proprietary or confidential information of Alpha Nodus that you may learn as a result of participating in the Program.
- Liability: Alpha Nodus is not liable for any damages or losses related to your participation in the Program.
By participating in the Program, you agree to these terms and conditions.