ClassDojo
  • Learn more
  • Schools
  • Resources
  • Log in

ClassDojo Security Vulnerability Disclosure Program

  • Privacy Policy
  • Terms of Service
  • Data Transparency
  • Cookies Policy
  • Security Vulnerability Disclosure Program
    • Overview
    • Scope: Software Written by ClassDojo
    • Scope: Software and Systems ClassDojo Uses
    • Guidelines
    • Reporting
    • Rewards
    • Questions
  • Premium Features Terms
  • Third Party Service Providers

Overview

ClassDojo is committed to protecting the privacy and security of our members, users of our software tools, and visitors to ClassDojo sites. Our Vulnerability Disclosure Program is intended to minimize the impact any security flaws have on our tools, our hosted services, or their users. ClassDojo's Vulnerability Disclosure Program covers two types of software: select software partially or primarily written by ClassDojo, and publicly facing software and systems ClassDojo makes use of for its websites and other Internet services.

Scope: Software Written by ClassDojo

In addition to the software and systems described below, ClassDojo's Vulnerability Disclosure Program applies to security vulnerabilities discovered in any of the following software:

  • ClassDojo iOS app
  • ClassDojo Android app

In order to qualify, the vulnerability must exist in the latest public release (including officially released public betas) of the software. Only security vulnerabilities will qualify. We would love it if people reported other bugs via the appropriate channels, but since the purpose of this program is to fix security vulnerabilities, only bugs that lead to security vulnerabilities will be eligible for rewards.

Scope: Software and Systems ClassDojo Uses

In addition to the software described above, ClassDojo's Vulnerability Disclosure Program applies to security vulnerabilities discovered in any web services or other public facing software running on any of the following domains:

  • classdojo.com and all subdomains (*.classdojo.com)
  • classdojo.co.uk
  • doj.io
  • dojo.me

These are the vulnerabilities we are looking for:

  • Cross-site request forgery (CSRF/XSRF)
  • Cross-site scripting (XSS)
  • Authentication bypass
  • Remote code execution
  • SQL Injection
  • Privilege escalation

Bugs not listed will be accepted at our discretion. Vulnerabilities in server software such as Haproxy or Wordpress, are in scope, if the vulnerability has already been publicly reported, and a patch or software update for the vulnerability has been available from the software's maintainers for at least 5 days. In order to qualify, the vulnerability must exist in software or a service that is actively running on ClassDojo's servers at the time the vulnerability is disclosed. (In other words, you won't get a reward just for telling us about the latest CVE, unless we've neglected to patch it/update our software 5 days after a fix has been released.) Security vulnerabilities created by the specific configuration of software on ClassDojo servers are also in scope under this program. Vulnerabilities that require physical access to server hardware are ineligible for submission.

Guidelines

Please adhere to the following guidelines in order to be eligible for rewards under this disclosure program:

  • Do not permanently modify or delete ClassDojo-hosted data.
  • Do not intentionally access non-public ClassDojo data any more than is necessary to demonstrate the vulnerability.
  • Do not DDoS or otherwise disrupt, interrupt or degrade our internal or external services.
  • Do not share confidential information obtained from ClassDojo, including but not limited to member or donor payment information, with any third party.
  • Social engineering is out of scope. Do not send phishing emails to, or use other social engineering techniques against, anyone, including ClassDojo staff, members, vendors, or partners.
  • In addition, please allow ClassDojo at least 90 days to fix the vulnerability before publicly discussing or blogging about it. ClassDojo believes that security researchers have a First Amendment right to report their research and that disclosure is highly beneficial, and understands that it is a highly subjective question of when and how to hold back details to mitigate the risk that vulnerability information will be misused. If you believe that earlier disclosure is necessary, please let us know so that we can begin a conversation.

Reporting

Just as important as discovering security flaws is reporting the findings so that users can protect themselves and vendors can repair their products. Public disclosure of security information enables informed consumer choice and inspires vendors to be truthful about flaws, repair vulnerabilities and build more secure products. Disclosure and peer review advances the state of the art in security. Researchers can figure out where new technologies need to be developed, and the information can help policymakers understand where problems tend to occur.

On the other hand, vulnerability information can give attackers who were not otherwise sophisticated enough to find the problem on their own the very information they need to exploit a security hole in a computer or system and cause harm. Therefore we ask that you privately report the vulnerability to ClassDojo before public disclosure.

Send an email to security@classdojo.com with information about the vulnerability and detailed steps on how to replicate it. Submissions that include detailed information on how to fix the corresponding vulnerability are more likely to receive more valuable rewards.

We are happy to accept anonymous vulnerability reports, but of course we can't send you our thanks if you report a vulnerability anonymously.

We will make every effort to respond to valid reports within seven business days.

The validity of a vulnerability will be judged at the sole discretion of ClassDojo.

Rewards

Not all reported issues may qualify for a reward. Rewards are awarded at ClassDojo's sole discretion.

Only the first report we receive about a given vulnerability will be rewarded. We cannot send rewards where prohibited by law (i.e. North Korea, Cuba, etc.).

Questions

If you have any questions about our vulnerability disclosure policy, please email security@classdojo.com.

Special thanks to EFF.org for creating the framework of this Security Disclosure Program.

Company

  • About us
  • Press
  • Careers
  • Engineering

Resources

  • Big Ideas
  • Resources
  • Blog
  • Privacy Center

Support

  • Helpdesk
  • Contact
  • Terms of Service
  • Privacy Policy

Community

  • Wall of Love
  • Facebook
  • Twitter
  • Instagram

© ClassDojo, Inc

Reset Password

Students, if you've forgotten your password, please ask your teacher.

Sorry, we can't find this email.
Found you! We've sent an email to your parent at __parentEmail__. Ask your parent to check their email!
Please check your email for instructions on how to reset your password!

Hi! It looks like you're using an older browser. ClassDojo requires Chrome, Firefox, or Internet Explorer 10 and above to run. You can upgrade Internet Explorer, download Chrome, or download Firefox.

Older browsers don't security features we need to make sure that your data is safe. Check out our Privacy Center for more information about how we keep ClassDojo safe and secure. :)

Sign up for ClassDojo as a...

Teacher Teacher
Teacher Teacher
Parent Parent
Parent Parent
Student Student
School Leader School Leader
School Leader School Leader

Select a language…

  • English (US)
  • English (UK)
  • Bahasa Indonesia
  • Català
  • Cymraeg
  • Dansk
  • Deutsch
  • Español
  • Español (España)
  • Français (Canada)
  • Français (France)
  • Hrvatski
  • Italiano
  • Lietuvių
  • Nederlands
  • Polski
  • Português (Brasil)
  • Português (Portugal)
  • Slovenčina
  • Slovenščina
  • Tiếng Việt
  • Türkçe
  • беларускі
  • Ελληνικά
  • Български
  • Русский
  • Српски
  • Українська
  • עברית
  • ‏العربية
  • हिन्दी
  • বাংলা
  • ਪੰਜਾਬੀ
  • 한국어
  • 中文(台灣)
  • 中文(简体)
  • 日本語

Hi! It looks like you're using an older browser. ClassDojo requires Chrome, Firefox, or Internet Explorer 10 and above to run. You can upgrade Internet Explorer, download Chrome, or download Firefox.

Older browsers don't security features we need to make sure that your data is safe. Check out our Privacy Center for more information about how we keep ClassDojo safe and secure. :)

Hi! It looks like you're using an older browser. ClassDojo requires Chrome, Firefox, or Internet Explorer 10 and above to run. You can upgrade Internet Explorer, download Chrome, or download Firefox.

Older browsers don't security features we need to make sure that your data is safe. Check out our Privacy Center for more information about how we keep ClassDojo safe and secure. :)

Log in to ClassDojo

Teacher Teacher
Teacher Teacher
Parent Parent
Parent Parent
Student Student
School Leader School Leader
School Leader School Leader

Hi! It looks like you're using an older browser. ClassDojo requires Chrome, Firefox, or Internet Explorer 10 and above to run. You can upgrade Internet Explorer, download Chrome, or download Firefox.

Older browsers don't security features we need to make sure that your data is safe. Check out our Privacy Center for more information about how we keep ClassDojo safe and secure. :)

Log in to ClassDojo

Welcome back! Just a moment while we log you in...
Forgot your password?
Whoops! Looks like either your email or password are incorrect. Did you forget it?
Oops! It looks like we're having problems logging you in. Check your internet connection. If the problem persists, you can view the status of our servers here.
Don't have an account?  Sign up

Hi! It looks like you're using an older browser. ClassDojo requires Chrome, Firefox, or Internet Explorer 10 and above to run. You can upgrade Internet Explorer, download Chrome, or download Firefox.

Older browsers don't security features we need to make sure that your data is safe. Check out our Privacy Center for more information about how we keep ClassDojo safe and secure. :)

Log in to ClassDojo

Welcome back! Just a moment while we log you in...
Forgot your password?
Whoops! Looks like either your email or password are incorrect. Did you forget it?
Oops! It looks like we're having problems logging you in. Check your internet connection. If the problem persists, you can view the status of our servers here.
Don't have an account?  Sign up

Create Your Teacher Account

Already have an account? Log in here

Wonderful! One second...
Redirect now
Use your school email to join your school community!
It looks like that email has already been used.
Did you mean to log in?
By signing up, you agree to our Terms of Service and Privacy Policy.

Account created!

Account Created

Download our app to have your best classroom yet!

Link to our app at Apple app store
Link to our app at Play store
Link to our app at Amazon app store

Create School Leader Account

Already have an account? Log in here

Wonderful! One second...
Redirect now
Use your school email to join your school community!
It looks like that email has already been used.
Did you mean to log in?
By signing up, you agree to our Terms of Service and Privacy Policy.

Hi! It looks like you're using an older browser. ClassDojo requires Chrome, Firefox, or Internet Explorer 10 and above to run. You can upgrade Internet Explorer, download Chrome, or download Firefox.

Older browsers don't security features we need to make sure that your data is safe. Check out our Privacy Center for more information about how we keep ClassDojo safe and secure. :)

Parents

Enter your code What is a code?

Don't have a code?

Log in or Sign up

Hi! It looks like you're using an older browser. ClassDojo requires Chrome, Firefox, or Internet Explorer 10 and above to run. You can upgrade Internet Explorer, download Chrome, or download Firefox.

Older browsers don't security features we need to make sure that your data is safe. Check out our Privacy Center for more information about how we keep ClassDojo safe and secure. :)

Enter ClassDojo as a...

Student Student
Parent Parent
Parent Parent

Hi! It looks like you're using an older browser. ClassDojo requires Chrome, Firefox, or Internet Explorer 10 and above to run. You can upgrade Internet Explorer, download Chrome, or download Firefox.

Older browsers don't security features we need to make sure that your data is safe. Check out our Privacy Center for more information about how we keep ClassDojo safe and secure. :)

What is a code?

Your child’s teacher can give you a code to quick-connect to the class. It looks something like “C123ABCD”

Don’t have a code? No worries, simply sign up or log in and you can find your child’s class from there 🙂