We welcome security researchers and developers to help us identify potential vulnerabilities in our systems. We have received numerous false public vulnerability reports, but want to reward and encourage honest and constructive bug observations. As such, this document outlines our bug bounty program and submission guidelines. We are only reviewing bounties for high risk security vulnerabilities.

Rewards

We offer rewards ranging from $50 to $1,000 for validated vulnerabilities based on severity, impact, and quality of the report.

Submission Guidelines

1. Eligibility

• Security vulnerabilities in Cluely's desktop applications, systems, or infrastructure
• Previously unreported vulnerabilities (first come, first served) that are not already on the engineering roadmap
• Clear documentation of the vulnerability and steps to reproduce

2. Submission Process

Please submit your findings through our secure form below with your payment information. Please note that you must remove any public disclosure of vulnerabilities, as these put Cluely at risk, to be eligible for payment.

3. Required Information

• Detailed description of the vulnerability
• Steps to reproduce the issue
• Supporting materials (screenshots, videos, proof of concept code)
• Potential impact assessment
• Suggested fix or mitigation strategy
• Your contact information for follow-up and reward processing

Responsible Disclosure Policy

By participating in our bug bounty program, you agree to:

• Keep all vulnerability information confidential