Help us build a
better platform.

HOW IT WORKS

How to submit.

1. 01Find a bug on cyndra.ai or the Cyndra platform.
2. 02Fill out the submission form with steps to reproduce.
3. 03Our team reviews within 7 days.
4. 04Valid bugs are verified and rewarded.

GUIDELINES

The fine print.

1. 01One submission per bug.
2. 02No destructive testing or data modification.
3. 03First valid report wins. No duplicates.
4. 04We will not pursue legal action against researchers who follow these guidelines.
5. 05Rewards are at our discretion based on severity and impact.
6. 06In scope: cyndra.ai web application and the Cyndra platform.
7. 07Out of scope: third-party services, social engineering, denial of service, and physical attacks.

TERMS

The legal bits.

By participating in Cyndra's Bug Bounty Program, you agree to the following:

• You must be 18 years or older to participate.
• You must not reside in a jurisdiction subject to US sanctions (OFAC).
• Rewards are issued at Cyndra's sole discretion based on severity, impact, and validity.
• Duplicate reports are not eligible. First valid submission wins.
• Maximum total program payouts are capped at $2,500 per calendar month. Cyndra reserves the right to modify or discontinue this program at any time without notice.
• You must not publicly disclose any vulnerability before Cyndra has had 90 days to remediate it.
• Token rewards are provided as-is with no guarantee of current or future value.
• Personal data submitted is used solely for program administration. See our Privacy Policy.
• Testing must be limited to cyndra.ai and the Cyndra platform. Out of scope: third-party integrations, social engineering, physical security, and denial-of-service attacks.
• Cyndra will not pursue legal action against researchers who act in good faith and comply with these terms.