learnhouse_logo

Security

How we keep LearnHouse secure and how to report vulnerabilities.

Our Security Practices

Encrypted in Transit

All data between your browser and our servers is encrypted. We enforce secure connections across all environments.

Access Control

Access to sensitive areas is restricted by role and organization. We apply the principle of least privilege throughout the platform.

Authentication

We support industry-standard authentication methods and take measures to protect credentials and session integrity.

Hardened Infrastructure

Our infrastructure is configured with security best practices in mind, including protections against common web vulnerabilities.

Dependency Management

We actively monitor and update our dependencies to address known vulnerabilities as they are disclosed.

Minimal Data Exposure

We collect only what is necessary and limit access to sensitive data to those who genuinely need it.

At LearnHouse, we take the security of our platform and the data entrusted to us seriously. This page describes how to report security vulnerabilities and what you can expect from us in response.

Reporting a Vulnerability

If you believe you have discovered a security vulnerability in LearnHouse, please report it to us by emailing security@learnhouse.app. Please do not disclose the vulnerability publicly until we have had a chance to investigate and address it.

What to Include in Your Report

To help us triage and resolve your report as quickly as possible, please include:

  • A clear description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • The affected URL, endpoint, or component
  • Any relevant screenshots, logs, or proof-of-concept code
  • Your contact information so we can follow up

Our Commitment

When you report a vulnerability to us, we commit to:

  • Acknowledging receipt of your report
  • Investigating the issue and keeping you informed of our progress
  • Working to resolve confirmed vulnerabilities in a timely manner
  • Crediting you for the discovery, if you wish, once the issue is resolved

Responsible Disclosure

We ask that you follow responsible disclosure practices when reporting security issues to us. Specifically, please:

  • Allow us reasonable time to investigate and remediate the issue before any public disclosure
  • Coordinate with us before requesting a CVE identifier or publishing any advisory, blog post, or writeup related to the vulnerability
  • Avoid disclosing details of the vulnerability to third parties prior to a mutually agreed disclosure date

We are committed to working with researchers in good faith and will do our best to keep you informed throughout the process. If you have concerns about the timeline or the remediation approach, please reach out to us directly at security@learnhouse.app so we can work through it together.

Scope

This policy applies to security vulnerabilities found in LearnHouse services hosted at learnhouse.app and associated subdomains, as well as the open-source LearnHouse platform code.

Please do not use automated scanners against our infrastructure in a way that could degrade service for other users, and do not access, modify, or delete data belonging to other users during your research.

Contact

For all security-related inquiries, contact us at security@learnhouse.app.