Responsible Disclosure

Last updated: 2025

We appreciate responsible disclosure of vulnerabilities that may impact our site or users. Please report findings privately and allow us a reasonable time to investigate and remediate before any public disclosure.

Scope

• indkrypt.com and associated subpages.
• Static content and client-side behavior of the site.
• Excludes third‑party services (hosting, analytics) governed by their own policies.

Please Do

• Provide a concise description with steps to reproduce.
• Share minimal PoC demonstrating impact without causing harm.
• Respect privacy; avoid accessing or modifying data that isn’t yours.

Please Don’t

• Perform DDoS, spam, or social engineering.
• Exploit the issue beyond what’s required to prove the vulnerability.
• Access, alter, or exfiltrate data.

Timeline

• Acknowledgement: We aim to acknowledge within 3–5 business days.
• Triage: Initial assessment within 10 business days.
• Fix & Disclosure: Mutually agreed remediation and disclosure timeline based on severity.

Safe Harbor

If you act in good faith, follow this policy, and avoid harm, we will not pursue legal action against you for your research on our in‑scope assets. This Safe Harbor does not extend to actions that are unlawful or that target out‑of‑scope systems.

Contact: security@indkrypt.com