الرئيسيةالخدماتالمسرّعاتالمدونةالوظائفمن نحناتصل بنا
احجز استشارة مجانية
الرئيسية / Vulnerability Disclosure Policy

Vulnerability Disclosure Policy

Last updated: July 6, 2026

UpperThrust Technologies Private Limited ("UpperThrust") takes the security of our systems seriously. We value the security research community and welcome responsible disclosure of vulnerabilities that could affect our website or associated infrastructure.

1. Scope

This policy applies to www.upperthrust.com and infrastructure directly operated by UpperThrust in connection with it. It does not cover third-party services we link to or embed but do not operate, denial-of-service testing, physical security testing, or social engineering of our staff or clients — these are out of scope and should not be attempted.

2. How to report a vulnerability

If you believe you have found a security vulnerability, please report it to security@upperthrust.com. Please include:

  • A description of the vulnerability and its potential impact.
  • Step-by-step instructions to reproduce the issue, including the URL(s), request/response details, and any proof-of-concept code or screenshots.
  • The date and time you identified the issue.
  • Your contact information, if you would like to be credited or updated on remediation status.

3. What to expect from us

  • Acknowledgement of your report within 3 business days.
  • An initial assessment of severity and validity within 10 business days where reasonably possible.
  • Ongoing communication as we investigate and remediate confirmed issues, within the limits of what we can responsibly share.
  • Credit in a public acknowledgements page (if one exists at the time) for validated, responsibly disclosed reports, if you would like to be named.

4. Responsible disclosure guidelines

We ask researchers to:

  • Give us reasonable time to investigate and remediate an issue before publicly disclosing it or sharing it with others.
  • Make a good-faith effort to avoid privacy violations, data destruction, and interruption or degradation of our services during testing.
  • Only interact with accounts or data you own, or with explicit permission from the account holder.
  • Not exploit a vulnerability beyond what is necessary to confirm its existence (for example, do not exfiltrate more data than needed as proof of concept).

5. Safe harbor

We will not pursue legal action against researchers who discover and report vulnerabilities in good faith, in accordance with this policy, and who do not violate the guidelines in Section 4. This policy is not an invitation to actively test third-party services we do not control.

6. Contact

Reports and questions: security@upperthrust.com. This mailbox is for security reports only — for general enquiries, please use our Contact page.