Jump to a section
Related resources
Broader security architecture and incident response practices.
Rules that prohibit abusive or unauthorized use of the platform.
1. Responsible disclosure
Classroom Pulse welcomes good-faith security research that helps keep users safe.
Please report suspected vulnerabilities privately and give us a reasonable opportunity to investigate and address the issue before public disclosure.
2. How to report an issue
Send reports to security@classroompulse.io and include
- A clear description of the issue
- Affected URLs, endpoints, or workflows
- Reproduction steps
- Proof of concept or evidence where available
- Your contact information for follow-up
3. Research rules
When testing, do not
- Access, modify, or exfiltrate data that is not your own
- Disrupt service availability or perform denial-of-service activity
- Use social engineering, phishing, or physical attacks
- Spam, scan excessively, or exploit issues beyond what is needed to validate them
Keep testing narrowly tailored, minimize impact, and stop immediately if you encounter sensitive customer data.
4. Our response commitments
If your report appears credible, we aim to
- Acknowledge receipt
- Review and validate the issue
- Communicate as appropriate during remediation
- Notify you when the issue is resolved or closed
Response timing varies based on severity, exploitability, and operational risk.
5. Safe harbor
We will not pursue legal action against researchers who act in good faith and follow this policy.
That safe harbor is conditioned on
- Avoiding privacy harm
- Not exploiting the issue beyond validation
- Not violating law or third-party rights
- Cooperating with reasonable remediation timing requests
Questions or documentation requests
Use the security inbox for vulnerability reports only. General product support should go to support@classroompulse.io.
Security reporting
security@classroompulse.ioGeneral support
support@classroompulse.io