Security Research Program

Vulnerability Disclosure Policy

Kryptasys Security Research Program guidelines for submitting vulnerability reports.

Our Commitment

Kryptasys takes the security of our products seriously. We welcome reports from security researchers who discover vulnerabilities in our systems. We commit to working with you to understand and address reported issues promptly.

Scope

In Scope
  • DPDP Shield (shield.kryptasys.in)
  • Kryptasys main website (kryptasys.in)
  • LEAP v2 forensic tool
  • All Kryptasys APIs and endpoints
Out of Scope
  • Third-party services (Supabase, Vercel, Razorpay)
  • Social engineering attacks
  • Physical security attacks
  • Denial of service attacks

How to Report

Send your report to:

Email: contact.kryptasys@proton.me
Subject line: [SECURITY] Brief description

Include in your report:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact assessment
  • Your contact information (optional)

Our Response Timeline

1

Acknowledgement

Acknowledgement within 48 hours

2

Initial Assessment

Initial assessment within 5 business days

3

Patch & Mitigation

Patch or mitigation within 30 days

4

Disclosure

Public disclosure coordinated with reporter

Safe Harbor

Kryptasys will not pursue legal action against security researchers who:

  • Report vulnerabilities in good faith
  • Do not access or modify user data
  • Do not disrupt our services
  • Give us reasonable time to respond

We consider good-faith security research a valuable contribution to our security.

Hall of Fame

We thank the following researchers for responsibly disclosing vulnerabilities:

Be the first to contribute to Kryptasys security.

Submit a Report

Ready to report? Contact us at contact.kryptasys@proton.me

Report an Issue →