Security Vulnerability Disclosure Policy
Our Commitment
TechLabOps Systems Private Limited takes the security of our systems and user data seriously. We appreciate the security research community and encourage responsible disclosure of security vulnerabilities.
How to Report Security Issues
Email: security@techlabops.com
Please include the following information in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any proof-of-concept code (if applicable)
- Your contact information
What We Consider Security Issues
- Cross-site scripting (XSS)
- SQL injection vulnerabilities
- Cross-site request forgery (CSRF)
- Server-side request forgery (SSRF)
- Authentication bypass
- Information disclosure
- Denial of service vulnerabilities
- Remote code execution
- Privilege escalation
What We Don't Consider Security Issues
- Social engineering attacks
- Physical attacks
- Issues requiring physical access to our servers
- Issues in third-party applications we don't control
- Denial of service attacks that don't require a vulnerability
- Issues that require user interaction (phishing, etc.)
Response Timeline
- Initial Response: Within 24 hours
- Status Updates: Every 48 hours
- Critical Issues: Resolution within 7 days
- High Issues: Resolution within 30 days
- Medium/Low Issues: Resolution within 90 days
Recognition
We believe in recognizing security researchers who help us improve our security posture. We will:
- Credit researchers in our security acknowledgments
- Maintain a public acknowledgments page
- Consider additional recognition for significant contributions
Safe Harbor
We provide safe harbor for security research conducted in accordance with this policy. We will not pursue legal action against researchers who:
- Act in good faith
- Follow responsible disclosure practices
- Do not access or modify data beyond what's necessary
- Do not cause harm to our systems or users
Last Updated: September 23, 2025