Responsible Disclosure

Dehaat is committed to protecting its customers' data and privacy. We also recognize the important role that security researchers play in helping us keep our systems secure. We therefore invite security researchers to responsibly disclose potential security vulnerabilities in our systems.

If you believe you have found a security vulnerability in the Dehaat's systems, please contact us at security@agrevolution.in. We will investigate any reported vulnerability and take appropriate steps to address the issue. We are committed to working with security researchers to ensure any vulnerability is properly resolved. Thank you in advance for your help in keeping our customers' data and privacy secure.

Scope

Reporting Guidelines

Please provide the following details on the report

  • Description and potential impact of the vulnerability;
  • A detailed description of the steps required to reproduce the vulnerability; and,
  • Where available, a video POC.
  • Email to security@agrevolution.in
  • Note: Only vulnerabilities deemed exploitable will be considered for a reward. The determination of exploitability and the acceptance of reported vulnerabilities lie solely at the discretion of the Dehaat Security Team.

Policy

We ask that:-

  • Security researchers must not violate the privacy of our customers or disrupt the availability of our services.
  • Security researchers must conduct their activities in compliance with all applicable laws.
  • Security researchers are encouraged to disclose potential security vulnerabilities in a responsible manner and provide sufficient details to allow Dehaat to reproduce and resolve the issue.
  • Security researchers must not publicly disclose any potential security vulnerabilities until Dehaat has been given a reasonable amount of time to respond and remediate the issue.
  • Security researchers must not access or use any Dehaat customer data without permission.
  • Security researchers should not attempt to exploit a vulnerability or access any Dehaat systems without permission.
  • Security researchers should not attempt to reverse engineer any Dehaat code or systems without permission.
  • Security researchers must not modify any data.