Here is an overview of how we secure our data and services.
Scholarcy encrypts data at rest and in transit for all of our customers.
We use code and infrastructure analysis tools such as Snyk and Secrets Scanner to secure our software code, scripts, and containers throughout the development process.
We use Amazon Web Services to host our services. We make use of the security protocols provided within the AWS ecosystem.
We deploy our application using containers running on AWS managed services.
Responsible Disclosure Policy
This policy applies to the Scholarcy Library application hosted at library.scholarcy.com, the Scholarcy API at api.scholarcy.com, and to any other subdomains or services associated with Scholarcy services. We do not accept reports for vulnerabilities solely affecting our marketing website at https://www.scholarcy.com, which contains no sensitive data.
- If you believe you’ve discovered a potential vulnerability in Scholarcy Library or the Scholarcy API, please contact us. We will acknowledge your email within one week.
- Please provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within ten business days of disclosure.
- Please avoid violating privacy, destroying data, or interrupting or degrading Scholarcy services. Please only interact with Scholarcy Library accounts you own or for which you have explicit permission from the account holder.
Please do not engage in the following activities:
- Denial-of-Service (DoS)
- Social engineering or phishing of Scholarcy employees or contractors
Doing so will result in your user credentials being deactivated.