We welcome security researchers and developers to help us identify potential vulnerabilities in our systems. We have received numerous false public vulnerability reports (which the team has verified as false representations of our codebase or even AI-generated fake user data), but want to reward and encourage honest and constructive bug observations. As such, this document outlines our bug bounty program and submission guidelines.

Rewards

We offer rewards ranging from $150 to $1,000 for validated vulnerabilities based on severity, impact, and quality of the report.

Submission Guidelines

1. Eligibility

• Security vulnerabilities in Cluely's applications, systems, or infrastructure
• Previously unreported vulnerabilities (first come, first served)
• Clear documentation of the vulnerability and steps to reproduce

2. Submission Process

Please submit your findings through our secure form below with your payment information. Please note that you must remove any public disclosure of vulnerabilities, as these put Cluely at risk, to be eligible for payment.

3. Required Information

• Detailed description of the vulnerability
• Steps to reproduce the issue
• Supporting materials (screenshots, videos, proof of concept code)
• Potential impact assessment
• Suggested fix or mitigation strategy
• Your contact information for follow-up and reward processing

Responsible Disclosure Policy

By participating in our bug bounty program, you agree to:

• Keep all vulnerability information confidential