BRYM Security & Vulnerability Disclosure Policy
Introduction
At BRYM, we take the security of our "gym for the mind" seriously. We appreciate the work of the security research community and welcome reports that help us protect our neurofeedback data and services.
Our Commitment (Safe Harbor)
If you conduct your research in good faith, avoid privacy violations, and do not destroy data or disrupt our services, we will not pursue legal action against you. We want to work together to keep our users safe.
Scope
- In-Scope: brym.app (Analytics platform), brymapp.com (Marketing site), and our core API.
- Out-of-Scope: Physical attacks, social engineering (phishing), and Denial of Service (DoS/DDoS) attacks.
Reward System
BRYM is currently a small, early-stage startup. While we cannot offer large financial bounties at this stage, we value your time. Based on the severity of the issue, we offer a small monetary token of appreciation (via PayPal or gift card), a public "Thank You" on our security page, a digital badge of appreciation, and a backlink.
How to Report
Please email security@brymapp.com with a description of the bug, the steps to reproduce it, and the potential impact. We aim to acknowledge all reports within 72 hours.
Recognition
We sincerely thank the following individuals and organizations for their responsible disclosures and contributions to our security:
- No disclosures yet. Be the first to help us secure BRYM!