Responsible Disclosure Program Terms of Use
For DIYguru Mobility Pvt. Ltd.
Thank you for your willingness to share information about security vulnerabilities with DIYguru. The security of our applications and the protection of the data we handle are paramount, and we appreciate your insights on how we can enhance our security measures.
By submitting a vulnerability report, you agree to the following Terms of Use, which aim to protect both you and DIYguru.
Safe Harbor
If you submit a vulnerability report in accordance with the process outlined below and comply with these Terms of Use, we will not take legal action against you for accessing our systems without authorization to identify the vulnerability.
Submission Process
Please send all vulnerability reports to us via email at [email protected]. Each report should include:
- A description of the vulnerability
- The URL, IP address, port, or other relevant information to help us locate the issue
- Detailed steps to reproduce the issue (including logs, screenshots, or other evidence)
- How you discovered the vulnerability
- The presumed impact of the vulnerability
- Any suggested remediation steps
- Your name and contact information
Scope
You may not access any individual workstation, system, network, content, application, or data of any third party while participating in this program. The safe harbor provision does not apply to such systems or data.
Methodology
You must not engage in denial of service attacks, attempts to compromise physical security, or any destructive methodologies. Once you identify a vulnerability, you should cease testing and report it as described above. The safe harbor does not cover activities that violate this section.
No Access to Personal Data or Misuse of Data
By participating in this program, you confirm that you have not accessed personal data of our customers or users. If you inadvertently acquire any such data, you agree to securely delete it. You also commit not to misuse any data extracted from our environment for fraudulent, malicious, defamatory, abusive, threatening, unlawful, or improper purposes.
Intellectual Property Rights
By submitting information regarding a vulnerability, you grant DIYguru a perpetual, worldwide, royalty-free license to use and disclose any information submitted, including proofs of concept, patches, suggestions, or code samples, to analyze and improve our systems and networks.
Sanctions
By submitting vulnerability information, you affirm that you are not subject to any export sanctions or trade restrictions and are not affiliated with any sanctioned organization or country.
Independent Contractor
Your submission of a vulnerability does not establish an employment relationship with DIYguru. The relationship is not a partnership, joint venture, or agency, and you do not have the authority to make any commitments on behalf of DIYguru.
Disclaimer of Liability and Obligation
DIYguru and its affiliates shall not be liable to you for any damages related to these Terms of Use. Any information submitted is provided at no charge, and DIYguru is not obligated to pay for your submission or any associated services.
Miscellaneous
These Terms of Use are governed by the laws of India. You may not use any logo or trademark of DIYguru without prior written consent.
Encrypted Messages
For secure communication, please use our PGP key available in the collapsible section below.
12. Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks.
If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
13. Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
14. Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
15. How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
16. What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
17. Where your data is sent
Visitor comments may be checked through an automated spam detection service.