About Gradamic

Gradamic is a non-profit platform focused on empowering students by providing free and accessible study materials tailored for undergraduate B.Tech students.

We understand the academic challenges students face and aim to bridge those gaps with quality notes, concept clarity, and easy exam prep tools. We believe education should be accessible to everyone, regardless of background.

Join us in reshaping academic journeys and helping students unlock their potential for a brighter tomorrow.

Gradamic Security

Your reports help us keep the platform safe

Report Security Vulnerabilities

If you've found a vulnerability, please email us at gradamic@outlook.com. We honor responsible disclosure and guarantee Safe Harbor.


Scope
  • Security bugs found only on *.gradamic.com
  • Use only your own test accounts
  • No disruption, scanning, brute-force or social engineering
What Qualifies
  • 1-click account or backend takeover
  • Server-level access (or close potential)
What Doesn't
  • Cross-Site Request Forgery (CSRF) on unauthenticated forms or forms with no sensitive actions
  • Account enumeration
  • Missing HTTP Headers
  • SSL/TLS best practices
  • Denial of Service and brute-forcing attacks
  • Physical attacks against offices and data centers
  • Social engineering of our service desk, employees or contractors
  • Compromise of a Gradamic user's or employee's accounts
  • Use of a tool that generates a significant volume of traffic
  • Any hypothetical flaw or best practices without exploitable POC
  • Session timeout
  • Rate limit issues
  • Session Hijacking (cookie reuse)
  • Click-jacking
  • DKIM/SPF/DMARC issues
  • Information leakage, data cached in search engines or the web archive
  • Software version disclosure
  • HttpOnly, SameSite, and Secure cookie flags
  • Confirmation email (anything related to it)
  • CSRF on non-sensitive actions
  • Missing headers, info leakage, version disclosure
  • Rate limits, session timeout, best practice suggestions
  • Network or simple Denial of Service attacks.
  • Automated tools or scans, botnet, compromised site, end-clients, or any other means of large automated exploitation or use of a tool that generates a significant volume of traffic.
Eligibility
  • First valid reporter
  • Report within 24 hours of discovery
  • No public disclosure until fixed
Rewards

We don't offer bounties as a non-profit, but we will proudly credit you on our acknowledgements page if you wish.

Safe Harbor

Follow our policy and you're safe. If others take action against you, we'll back you up as long as you stayed within bounds.