Security

Data Security

Scholarcy encrypts data at rest and in transit for all of our customers.

Application Security

We use code and infrastructure analysis tools such as Dependabot, Snyk and Secrets Scanner to secure our software code, scripts, and containers throughout the development process.

Infrastructure Security

We use Amazon Web Services to host our services. We make use of the security protocols provided within the AWS ecosystem.

We deploy our application using containers running on AWS managed services.

Responsible Disclosure Policy

This policy applies to the Scholarcy Library application hosted at library.scholarcy.com, the Scholarcy API at api.scholarcy.com, and to any other subdomains or services associated with Scholarcy services. We do not accept reports for vulnerabilities solely affecting our marketing website at scholarcy.com, which contains no sensitive data.

• If you believe you’ve discovered a potential vulnerability in Scholarcy Library or the Scholarcy API, please contact us. We will acknowledge your email within one week.
• Please provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within ten business days of disclosure.
• Please avoid violating privacy, destroying data, or interrupting or degrading Scholarcy services. Please only interact with Scholarcy Library accounts you own or for which you have explicit permission from the account holder.

Exclusions

Please do not engage in the following activities:

• Denial-of-Service (DoS)
• Spamming
• Social engineering or phishing of Scholarcy employees or contractors

Doing so will result in your user credentials being deactivated.