Vulnerability Disclosure Policy
Capfront is committed to providing, through regulation and supervision by maintaining the security of our systems and protecting sensitive information from unauthorized disclosure. The safety and security of our customers’ data, and the reliability of our services, are of immense importance to Capfront and therefore we strive to provide the highest levels of security and reliability. Despite our best efforts, due to the highly complex and sophisticated nature of our products and services, vulnerabilities and errors may still be present in our services.
We encourage customers, users, researchers, partners and any other end user to report potential vulnerabilities identified in Capfront systems. This policy describes Capfront’s approach to requesting and receiving reports related to potential vulnerabilities and errors in its services from those that interact with such services.
The researchers of our systems are encouraged to contact Capfront regarding such vulnerabilities and errors by using the form present on this page. Identifying and reporting the vulnerability or error will improve our security and reliability mechanisms which will contribute towards the continuous growth and efficiency of Capfront.
Providing your contact information and the report are entirely voluntary and at your discretion. Capfront will make use the report that are submitted; both those submitted anonymously and those with contact information.
By reporting to Capfront using the form on this page, or otherwise communicating a report to Capfront through other means, regarding vulnerabilities and errors, you agree to the following terms:
Capfront may use your report for the purpose of correcting any vulnerabilities and errors that Capfront deems fit for correction. Capfront assumes the assignment of all ownership rights of the report is for the purpose of changes and improvements as required.
By providing such information to Capfront you confirm to us that:
- You have shared the error or issue in detail.
- You give us a reasonable time to respond to the issue before making any information/report public.
- You have not exploited or used in any manner, and will not exploit or use in any manner (other than for the purposes of reporting to Capfront), the discovered vulnerabilities and/or errors.
- You have not engaged, and will not engage, in research of systems with the intention of harming Capfront, its customers, employees or partners.
- You have acted in good faith and have not used, misused, deleted, altered or destroyed, and will not use, misuse, delete, alter or destroy, any data that you have accessed or may be able to access in relation to the vulnerability and/or error discovered.
- You have not conducted, and will not conduct, social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks.
- You have not breached, and will not breach, any applicable laws in connection with your report and your interaction with Capfront for the services that lead to your report.
- You agree not to disclose to any third party any information related to your report, the vulnerabilities and/or errors reported, nor the fact that a vulnerabilities and/or errors has been reported to Capfront.
- Capfront does not guarantee that you will receive any response from Capfront related to your report. Capfront will only contact your regarding your report if Capfront deems it necessary.
- You agree that you are making your report without any expectation or requirement of reward or other benefit, financial or otherwise, for making such report, and without any expectation or requirement that the vulnerabilities and/or errors reported are corrected by Capfront.
- Otherwise comply with all our applicable laws.
Copyright ©2022 Vaibhav Vyapaar Private Limited - All Rights Reserved.