Reporting Vulnerabilities
Last Updated: May 2026
1. Introduction & Commitment to Security
At SCHOLAR iQ, a brand of Shizi Softwares Pvt. Ltd., the security and privacy of our students, corporate partners, and university affiliates are our absolute highest priorities. As an ISO 9001:2015 certified organization managing sensitive career intelligence and AI-driven data pipelines, we recognize the critical role that the independent security research community plays in helping us identify and remediate potential security vulnerabilities.
This Responsible Disclosure Policy (our Vulnerability Disclosure Policy, or "VDP") outlines our framework for engaging with ethical hackers, cybersecurity researchers, and the broader infosec community. We are committed to working alongside you to verify, reproduce, and patch valid security issues discovered within our ecosystem. We encourage you to report any potential vulnerabilities you discover in a responsible, coordinated manner, adhering strictly to the guidelines set forth below.
2. Safe Harbor Clause
SCHOLAR iQ considers activities conducted consistently with this policy to constitute "authorized" conduct. We will not initiate civil action or file a complaint with law enforcement for accidental, good-faith violations of this policy. We consider your security research to be conducted under the umbrella of Safe Harbor, provided that you:
- Do not intentionally access, modify, delete, or exfiltrate any user data beyond what is strictly necessary to demonstrate the vulnerability.
- Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems (e.g., DoS/DDoS), and destruction of data.
- Only interact with accounts you own or for which you have explicit, documented permission from the account holder.
- Keep all information regarding the discovered vulnerability strictly confidential between yourself and SCHOLAR iQ until we have explicitly authorized its public release.
3. In-Scope Targets
The following domains and assets are explicitly considered in-scope for security research and vulnerability reporting under this policy:
- *.scholariq.in (including our primary marketing portal, student dashboards, and partner gateways)
- API Endpoints: Any publicly exposed API endpoints residing under the scholariq.in domain infrastructure (e.g., api.scholariq.in).
- SARA AI Engine Interfaces: The prompt-input mechanisms and output-rendering contexts of our proprietary AI conversational agents.
4. Out-of-Scope Targets & Behaviors
To protect the integrity of our production systems and the privacy of our users, certain types of testing and certain asset classes are strictly out of scope. Engaging in any of the prohibited activities listed below will forfeit Safe Harbor protections; findings against the out-of-scope assets listed below will not be accepted under this policy:
- Denial of Service (DoS) / Distributed Denial of Service (DDoS): Any volumetric attacks, resource exhaustion, or network flooding.
- Social Engineering & Phishing: Targeting SCHOLAR iQ employees, corporate partners, university affiliates, or students.
- Physical Security: Attempts to access Shizi Softwares Pvt. Ltd. corporate offices, server facilities, or hardware.
- Third-Party Applications: Vulnerabilities residing in third-party services, dependencies, or platforms we integrate with (e.g., AWS infrastructure layer, third-party payment gateways like Razorpay/Stripe, or third-party LLM providers), unless the vulnerability directly demonstrates a misconfiguration on SCHOLAR iQ's side.
- Spamming: Unsolicited automated emails, SMS, or in-app notifications generated through our platforms.
Additionally, theoretical vulnerabilities without a demonstrable proof of concept (PoC), missing HTTP security headers (unless a specific exploit can be proven), and SSL/TLS configuration weaknesses are generally considered out of scope unless they lead to a direct, actionable compromise.
5. How to Submit a Report
If you believe you have discovered a valid security vulnerability in an in-scope asset, please submit a detailed report to our dedicated security operations team via email:
Email: [email protected]
Subject Format: [Vulnerability Type] - [Affected Asset] (e.g., [XSS] - [scholariq.in/login])
To ensure our team can efficiently triage and validate your report, please include the following information in your submission:
- A clear description of the vulnerability, including its type (e.g., SQLi, RCE, CSRF) and potential impact.
- The specific URL, endpoint, or parameter where the vulnerability resides.
- Step-by-step instructions to reproduce the issue (a detailed Proof of Concept). Video recordings or screenshots are highly encouraged.
- Any proof-of-concept scripts or HTTP request/response logs.
- Your contact information and preferred name/handle for potential future acknowledgments.
6. Our Response & Remediation Timeline
SCHOLAR iQ operates with a commitment to rapid triage and remediation. Upon receiving your vulnerability report, you can expect the following process:
- Initial Acknowledgment: We will acknowledge receipt of your report within two to three business days (48 to 72 hours).
- Triage & Validation: Our engineering team will assess the validity and severity of the vulnerability. We will aim to provide a status update within 7 to 14 days of the initial acknowledgment.
- Remediation: If the vulnerability is confirmed, we will classify its severity and prioritize remediation accordingly. Critical vulnerabilities affecting student data or core AI engines will be fast-tracked for immediate hotfixes.
- Resolution Notification: We will notify you once the vulnerability has been successfully patched and verified.
We kindly request that you refrain from sending repeated status requests for a report within the initial triage window, as this diverts engineering resources away from active investigation and patching.
7. Bug Bounty & Acknowledgments
At this time, SCHOLAR iQ does not operate a formal, financially compensated Bug Bounty program. We deeply appreciate the efforts of the infosec community; however, submissions are made on a voluntary basis. For critical security reports that prevent severe data breaches or systemic compromise, SCHOLAR iQ may, at its sole discretion, choose to issue digital certificates of appreciation, SCHOLAR iQ platform credits, or feature the researcher on our official Security Hall of Fame (currently under development).
8. AI Hallucinations & Prompt Injection
As a platform heavily reliant on Generative AI, we actively seek reports of prompt injection with a demonstrable security impact (for example, model output that crosses a trust boundary into another user's context or into a privileged action), jailbreaks that bypass safety or access controls, and disclosure of sensitive data through model output. However, general "AI hallucinations" (where the AI generates inaccurate but harmless text) are a known limitation of current LLM architectures and are not classified as security vulnerabilities unless they result in the direct exposure of personally identifiable information (PII) or internal backend source code.
9. Legal Rights & Non-Disclosure
By submitting a vulnerability report to SCHOLAR iQ, you agree that the contents of your report will become the property of Shizi Softwares Pvt. Ltd., and you grant us a perpetual, irrevocable, worldwide royalty-free license to utilize the information for remediation and security enhancement. You agree not to disclose the vulnerability publicly, to any third party, or on social media platforms until SCHOLAR iQ has confirmed that a patch has been deployed across all production environments.
SCHOLAR iQ reserves the right to modify the terms of this Responsible Disclosure Policy at any time without prior notice. Continued participation in our vulnerability reporting program constitutes acceptance of any updated terms.