Security Policy

Effective date: June 4, 2026

1. Security Scope

This policy applies to the ACT website, member portal, payment checkout flows, employer services, forms, support paths, submission records, project spaces, and related online systems operated by Aerospace Career Transformation Bootcamp, LLC.

2. Access Controls

Member and staff areas are intended to require authenticated access. Access may be limited by role, cohort, member status, staff responsibility, or operational need. Credentials are personal and may not be shared, transferred, sold, or posted publicly.

3. Account Safety

Members are responsible for protecting their email, Discord, ACT portal, and third-party accounts. Use strong passwords, avoid reused credentials, keep devices updated, and report suspected unauthorized access through an official ACT support path.

4. Data And File Handling

ACT systems may handle links, images, documents, videos, messages, support requests, payment references, employer materials, and project materials. Do not upload malware, private government identifiers, banking credentials, export-controlled materials, classified information, employer-confidential information, or third-party proprietary content without authorization.

Payment card data is entered on Stripe-hosted checkout pages. ACT systems are not designed to store full payment card numbers.

5. Operational Safeguards

ACT may use logging, access review, limited staff visibility, provider-level controls, secure hosting, database access controls, backups, audit trails, rate limiting, and monitoring to protect systems and reduce operational risk.

6. Responsible Reporting

If you discover a suspected security issue, report it privately through official ACT support or contact channels. Do not publicly disclose vulnerabilities, access data that is not yours, test destructive actions, attack service providers, or attempt to escalate access beyond what ACT has authorized.

7. Prohibited Security Activity

You may not probe, scan, overload, scrape, exfiltrate, bypass authentication, harvest member information, attempt privilege escalation, upload malicious files, automate abusive requests, or interfere with ACT systems, service providers, members, staff, or communities.

8. Third-Party Services

ACT uses third-party services for hosting, analytics, payment processing, communication, storage, scheduling, forms, and community operations. This may include Stripe, Vercel, Discord, Google, Calendly, LinkedIn, database providers, and file storage providers. Security for those systems is also governed by the controls, policies, and terms of the relevant provider.

9. No Absolute Guarantee

No online system is perfectly secure. ACT works to apply reasonable safeguards, but members should avoid submitting unnecessary sensitive information and should report concerns quickly if something appears wrong.

10. Reporting Contact

For security concerns that are not active exploitation attempts, contact ACT at support@jointheact.com or through the official ACT support path in the portal.

11. Updates

ACT may update this Security Policy as systems, providers, access rules, or operational practices evolve. Updated policies will be posted on this page with a revised effective date.