
We help businesses get ahead of the digital evolution and stay ‘Always Consumer Ready’. Our platform provides deep understanding and insights into their consumers, engage consumers through personalized 1:1 communication, provide easy and connected cross-channel commerce experiences and build loyalty to reward and retain their best consumers. If you have found any security vulnerabilities in the application you were visiting, Kindly report here.
We are committed to keeping our products and services secure and safe for everyone. If you are a Security Researcher or an Expert on security and you believe that you have identified any security-related vulnerability, bug or issue in our Website, Services, Application or Mobile App, then we request you to disclose it responsibly.
We appreciate your time and effort and we will respond to you as quickly as possible. Please provide a detailed description of the vulnerability so that it is easy for us to validate and fix them. We will keep you updated as we work to fix the vulnerability. We believe that those who intend to help Organizations & its Customers by improving Security must be treated with respect & professionalism. With this belief, we have created a Policy, Protocols, Guidelines & Principles for you to follow & adhere to. We request you to adhere to these guidelines & return we assure that your discovery & responsible disclosure will not invite any legal action against you.
Our intent is to be benefitted by those who are concerned about us & to reward such honorable intentions!
Responsible Disclosure Policy
Effective disclosure policy requires mutual trust, respect, and transparency between Security Researchers and our InfoSec Team. Principles & guidelines for responsible investigation & disclosure are important to protect us, our Clients & our Customers. Every Security Researcher or Bounty Hunter should ensure that these principles are adhered to at all times. Failure to adhere to these principles & guidelines will result in ineligibility to be considered for reward & recognition.
We will retain the right to decide when & how a bug or vulnerability will be remediedor fixed.
Principles and Guidelines
Eligible Submissions
Bugs which pose significant threat to our product range are the ones eligible for reward & recognition. We retain the right to evaluate & decide on whether a reported Bug or Vulnerability is eligible. The list provided below is not exhaustive. Established standards for application security will be consulted during evaluation of severity of Bugs.
Ineligible Submissions
These type of Bugs & Vulnerabilities will not be eligible for reward & recognition. All submissions which are not disclosed responsibly become ineligible automatically. See section on Responsible Disclosure Principles & Guidelines.
Things To Consider Before Reporting
Spam
Not Acceptable
For any further clarification and queries, email us to safehats@instasafe.com mentioning program name "VulCan" and a brief description of your discovery.
Severity Rating & Reward Structure
Severity of a Bug will be decided by us, but you may choose to assign a severity, which may be based on factors such as CVSS Rating, CWE ID, your assessment of risk, possible amount of security exposure, or exploitability of the vulnerability.
Each classification amounts to a certain Bounty Amount. Typically, we will adhere to these definitions & amounts, but we will objectively evaluate the value of each submission & decide the amount that will be disbursed.
In most cases, you should assume that the minimum payout will be the values given below (assuming that all other criteria & protocols are adhered to).
💰💰Financial Rewards💰💰
In-Scope URLs
The number of in-scope domains for this program are very large, so we are unable to display them here. If you have landed here after clicking a link on a specific website, then assume that it is part of the scope. We will respond appropriately for all in-scope domains & notify you if your submission is for a non-in-scope domain. Please mention the URL name while reporting.