Security & Vulnerability Disclosure Policy
Thank you for helping keep Rupashi Enterprise secure. This page explains how to report security issues responsibly.
Scope
This policy covers the domain rupashienterprise.in and its subdomains, including the public website, APIs and administration interfaces we operate.
- In scope: public web pages, public APIs, forms and server-side endpoints we operate.
- Out of scope: third-party services, partner networks, and infrastructure not operated by Rupashi Enterprise.
How to Report
Please send vulnerability reports to our security inbox:
Suggested report contents
- Clear description of the issue and affected URL(s).
- Steps to reproduce (minimal steps preferred).
- Any PoC (proof-of-concept) code or screenshots.
- Impact assessment (if known).
- Your contact email (we will treat this as private).
If you prefer encryption, use our PGP key posted at /pgp-key.txt (PGP public key).
Our Commitment & Response Times
- We will acknowledge receipt within 5 business days.
- We aim to provide updates or a remediation plan within 15 business days for confirmed issues.
- We will work to remediate critical vulnerabilities as soon as possible and will notify the reporter when a fix is deployed.
Times may vary depending on complexity and the need to coordinate with third parties.
Safe Harbor
We appreciate good-faith security research. If you follow this policy and avoid privacy violations, data theft, or service disruption, we will not pursue legal action against you for your testing.
Please do not exploit vulnerabilities to access, alter or delete data, or to cause denial of service.
Coordinated Disclosure
We encourage coordinated disclosure. When a fix is available, we may invite you to agree on a public acknowledgement (see our Acknowledgements page).
We will not publicly disclose report details without the reporter’s permission unless required by law.
Legal & Privacy
By submitting a vulnerability report you agree to provide accurate information. We will treat reporter contact information as confidential and use it only to coordinate remediation and acknowledgement.
Other contact & resources
Main contact:
Rupashi Enterprise — Nepalgunge Road, Kolkata, West Bengal — 700103
Phone: +91 8420874204
Email: info@rupashienterprise.in
PGP key: /pgp-key.txt