Bug Bounty Program
We welcome security researchers and developers to help identify potential vulnerabilities in our systems.
Rewards
We offer rewards for validated vulnerabilities based on severity, impact, and quality of the report. We review bounties only for high-risk security vulnerabilities.
Eligibility
- Security vulnerabilities in Clera's applications, systems, or infrastructure
- Previously unreported vulnerabilities not already on the engineering roadmap (first come, first served)
- Clear documentation of the vulnerability and steps to reproduce
Submission Process
Please submit your findings by email, together with your payment information. To be eligible for payment, you must remove any public disclosure of vulnerabilities, as these put Clera at risk.
Required Information
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Supporting materials (screenshots, videos, proof of concept code)
- Potential impact assessment
- Suggested fix or mitigation strategy
- Your contact information for follow-up and reward processing
Responsible Disclosure Policy
By participating in our bug bounty program, you agree to:
- Keep all vulnerability information confidential
- Delete any data obtained through vulnerability testing
- Not exploit vulnerabilities beyond verification
- Remove any public disclosure of vulnerabilities that put Clera at risk as a condition of payment
- Allow us reasonable time to address the issue before any disclosure
Scope
We review bounties only for high-risk security vulnerabilities. The following are not eligible for rewards:
- Denial of service attacks
- Basic domain record management and IT hygiene
- Spam or social engineering techniques
- Physical or social engineering attacks against Clera employees
- Vulnerabilities in third-party applications or services not maintained by Clera
- Issues that require physical access to a user's device
Evaluation Process
Our security team will review submissions and respond within 5 business days. We evaluate submissions based on:
- Severity and potential impact
- Quality of submission and documentation
- Novelty of the vulnerability
- Exploitability and attack vector complexity
Contact
For secure submissions and any questions regarding our bug bounty program, please contact us at [email protected].
By submitting a vulnerability to Clera, you acknowledge that you have read and agree to our responsible disclosure terms and conditions, including the requirement to remove any public disclosures of vulnerabilities as a condition of payment.