Bug Bounty

Help us build a better platform.

Found a bug on cyndra.ai? Report it. We review every submission and reward valid findings. Three reward tiers based on severity. Payouts within 7 days of verification.

Submit a Bug Report

Rewards

Three tiers. Paid your way.

Rewards scale with impact. We assess severity based on the user harm and data exposure a bug enables. The team makes the final call.

Cosmetic

$5 credit

Visual bugs that don't affect functionality.

  • UI glitches
  • Typos
  • Broken layouts
Functional

$50 credit

Features that don't work as intended.

  • Broken features
  • Errors and crashes
  • Incorrect behavior
Critical

$250 credit

Issues that put users or data at risk.

  • Security vulnerabilities
  • Data exposure
  • Authentication bypass

Rewards paid as account credit or gift cards.

How it works

How to submit.

  1. 01

    Find a bug on cyndra.ai or the Cyndra platform.

  2. 02

    Fill out the submission form with steps to reproduce.

  3. 03

    Our team reviews within 7 days.

  4. 04

    Valid bugs are verified and rewarded.

Guidelines

The fine print.

  • One submission per bug.
  • No destructive testing or data modification.
  • First valid report wins. No duplicates.
  • We will not pursue legal action against researchers who follow these guidelines.
  • Rewards are at our discretion based on severity and impact.
  • In scope: cyndra.ai web application and the Cyndra platform.
  • Out of scope: third-party services, social engineering, denial of service, and physical attacks.

Terms

The legal bits.

By participating in Cyndra's Bug Bounty Program, you agree to the following:

  • You must be 18 years or older to participate.
  • You must not reside in a jurisdiction subject to US sanctions (OFAC).
  • Rewards are issued at Cyndra's sole discretion based on severity, impact, and validity.
  • Duplicate reports are not eligible. First valid submission wins.
  • Maximum total program payouts are capped at $2,500 per calendar month. Cyndra reserves the right to modify or discontinue this program at any time without notice.
  • You must not publicly disclose any vulnerability before Cyndra has had 90 days to remediate it.
  • Token rewards are provided as-is with no guarantee of current or future value.
  • Personal data submitted is used solely for program administration. See our Privacy Policy.
  • Testing must be limited to cyndra.ai and the Cyndra platform. Out of scope: third-party integrations, social engineering, physical security, and denial-of-service attacks.
  • Cyndra will not pursue legal action against researchers who act in good faith and comply with these terms.

Prefer crypto? Rewards are also available in $CyndraAI tokens. Just mention it in your submission.

Found a bug? Send it our way.

The form opens in a new tab. You'll get a confirmation on submit. We review every report and reply within 7 days.

Submit a Bug Report

Trust & security

Curious how we
keep the platform safe?

See the controls, encryption, and compliance posture behind Cyndra in our Trust Center.

Visit the Trust CenterSOC 2 readiness
Reviewed within 7 days Payout on verification