Vulnerability Disclosure Policy (Professional Security Page)

Effective: May 25, 2026

VULNERABILITY DISCLOSURE POLICY

FOR BITRO LAB’S

Effective Date: 25 May 2026

BitRo Lab’s (“Company”, “we”, “our”, or “us”) values the security of our systems, applications, infrastructure, and users.

This Vulnerability Disclosure Policy (“Policy”) provides guidelines for security researchers, ethical hackers, users, and the security community to responsibly report vulnerabilities affecting BitRo Lab’s services or systems.

We encourage responsible disclosure to help improve platform security.

1. PURPOSE

The purpose of this Policy is to:

  • improve security posture
  • encourage responsible vulnerability reporting
  • establish clear disclosure guidelines
  • protect users and infrastructure
  • support ethical security research

2. SCOPE

This Policy applies to:

  • official websites
  • web applications
  • APIs
  • cloud infrastructure
  • mobile applications
  • authentication systems
  • public-facing services
  • software operated by BitRo Lab’s

Third-party services or external platforms not owned by BitRo Lab’s may be outside the scope of this Policy.

3. RESPONSIBLE DISCLOSURE GUIDELINES

Researchers acting in good faith should:

  • avoid violating privacy
  • avoid disrupting services
  • avoid destroying or modifying data
  • avoid accessing unauthorized user information
  • report vulnerabilities promptly
  • provide sufficient technical details for reproduction

Testing should remain limited to necessary verification only.

4. PROHIBITED ACTIVITIES

Under this Policy, researchers must NOT:

  • exploit vulnerabilities for personal gain
  • access or exfiltrate user data
  • perform denial-of-service attacks
  • deploy malware or malicious payloads
  • conduct spam or phishing campaigns
  • modify or destroy production data
  • publicly disclose vulnerabilities before remediation
  • socially engineer employees or users
  • conduct physical security attacks

Unauthorized destructive activity may result in legal action.

5. SAFE HARBOR

BitRo Lab’s intends not to pursue legal action against individuals who:

  • act in good faith
  • follow this Policy
  • avoid harmful activities
  • responsibly disclose vulnerabilities
  • cooperate during remediation

This safe harbor applies only to activities consistent with this Policy and applicable laws.

6. REPORTING A VULNERABILITY

Security researchers may report vulnerabilities by providing:

  • vulnerability description
  • affected system or URL
  • reproduction steps
  • proof-of-concept if applicable
  • potential impact assessment

Reports should be submitted to:

Security Email: _______________________

7. RESPONSE PROCESS

BitRo Lab’s may:

  • acknowledge receipt of reports
  • investigate findings
  • validate vulnerabilities
  • prioritize remediation
  • communicate status updates where appropriate

Response timelines may vary depending on severity and complexity.

8. PUBLIC DISCLOSURE

Researchers agree not to publicly disclose vulnerabilities until:

  • BitRo Lab’s confirms remediation, OR
  • reasonable remediation time has passed

Coordinated disclosure helps protect users and systems.

9. NO BUG BOUNTY GUARANTEE

Unless explicitly announced, BitRo Lab’s does not guarantee financial rewards or bug bounty payments for vulnerability reports.

Recognition or rewards may be provided at the Company’s discretion.

10. THIRD-PARTY SYSTEMS

This Policy does not authorize testing against:

  • third-party vendors
  • hosting providers
  • customer infrastructure
  • external integrated platforms

without explicit authorization from respective owners.

11. LIMITATION OF LIABILITY

BitRo Lab’s makes no guarantees regarding:

  • uninterrupted systems
  • absolute security
  • vulnerability-free software

Researchers participate voluntarily and at their own risk.

12. POLICY VIOLATIONS

Activities violating this Policy or applicable laws may result in:

  • access restrictions
  • legal action
  • reporting to authorities

where necessary.

13. POLICY UPDATES

BitRo Lab’s reserves the right to modify this Policy at any time.

Updated versions become effective upon publication.

14. GOVERNING LAW

This Policy shall be governed by the laws of India.

15. CONTACT INFORMATION

BitRo Lab’s Website: _____________________ Security Contact Email: _____________________ General Email: _____________________________

ACCEPTANCE

By participating in vulnerability research involving BitRo Lab’s systems, researchers acknowledge that they have read and agreed to this Vulnerability Disclosure Policy.

Discuss
India --:-- --
@ in