Security & Responsible Disclosure
Last updated: 30 June 2026
We take the security of our learners’ data seriously. If you believe you have found a security or privacy vulnerability in Alea, we want to hear from you, and we appreciate disclosures made in good faith.
1. Reporting a vulnerability
Please email hello@alealearning.com with enough detail for us to reproduce and understand the issue. Helpful information includes:
- the type of issue and where you found it (URL, page, or feature);
- steps to reproduce, and any proof-of-concept;
- the potential impact as you see it; and
- how we can reach you for follow-up.
You can also find our machine-readable contact details at /.well-known/security.txt.
2. What we ask of you
While researching, please:
- give us a reasonable amount of time to investigate and fix an issue before disclosing it publicly;
- do not access, modify, or delete data that is not your own — in particular, never access the data of other learners, and stop and report immediately if you encounter it;
- do not run denial-of-service tests, spam, social-engineering, or physical attacks; and
- only interact with accounts you own or have explicit permission to test.
3. What you can expect from us
- We will acknowledge your report and work with you to understand and resolve the issue.
- We will not pursue or support legal action against you for security research conducted in good faith and in accordance with these guidelines.
- We are a small team, so please be patient with response times.
We do not currently operate a paid bug-bounty program, but we are grateful for responsible reports and are happy to credit researchers who would like recognition.
4. Scope
These guidelines cover alealearning.com and the Alea applications. Issues in third-party services we rely on (listed in our Privacy Policy) should also be reported to those providers directly.
5. Contact
Security and privacy reports: hello@alealearning.com.