Disclaimer

At Intigate Private Limited (“Intigate”, “we”, “our”, or “us”), protecting the data and security of our clients and users is a top priority. We are committed to maintaining a secure environment for all our digital services.

While we take strong measures to safeguard our systems, no platform is completely immune to vulnerabilities. We value the contributions of security researchers and ethical hackers in helping us improve our security posture.

Responsible Disclosure

We encourage responsible disclosure of any security vulnerabilities identified in our systems.

If you discover a potential vulnerability, we request that you:

  • Do not publicly disclose the issue
  • Do not share details with any third party
  • Provide us with reasonable time to investigate and resolve the issue

Reporting a Vulnerability

You can report any security vulnerability by contacting us at:

Email: security@intigate.co.in
Website: https://www.intigate.co.in/

We are committed to:

  • Acknowledging your report promptly
  • Investigating the issue thoroughly
  • Taking appropriate corrective actions

We appreciate your efforts and may recognize valid contributors in our Hall of Fame (subject to internal review).

Submission Guidelines

To help us effectively assess and resolve vulnerabilities, please include the following details in your report:

  • Clear description of the vulnerability
  • Step-by-step instructions to reproduce the issue
  • Potential impact and risk level
  • Proof of concept (PoC), if available

Incomplete reports or those lacking reproducibility may not be eligible for recognition.

Scope of Testing

The following assets are considered in-scope:

Out of Scope

  • Third-party services, tools, or platforms used by Intigate
  • Any systems not owned or controlled by Intigate

Vulnerabilities identified in third-party systems should be reported directly to the respective providers.

Non-Qualifying Vulnerabilities

The following issues are generally considered informational and are not eligible for reporting or recognition:

  • Presence of server banners or version disclosures
  • Enabled HTTP methods (OPTIONS / TRACE)
  • Missing CAPTCHA mechanisms
  • Default server pages
  • Brute-force attack scenarios
  • Content or hyperlink injection without impact
  • Missing SPF/DMARC records
  • Password policy weaknesses
  • Full path disclosure without sensitive impact
  • Public access to XML-RPC endpoints
  • CSRF issues without authentication impact
  • Clickjacking without a valid exploit scenario
  • Security header misconfigurations (unless exploitable)
  • Denial of Service (DoS/DDoS) vulnerabilities
  • Issues requiring physical access
  • Theoretical vulnerabilities without practical exploitation
  • Issues affecting third-party domains or subdomains

Legal & Ethical Guidelines

While testing our systems, you agree to:

  • Act in good faith and avoid privacy violations
  • Not exploit vulnerabilities beyond what is necessary to demonstrate the issue
  • Not disrupt services or degrade user experience
  • Not access, modify, or delete data that does not belong to you

Any activity that violates applicable laws or causes harm to our systems or users may result in legal action.

Policy Updates

We reserve the right to update this policy at any time. Changes will be reflected by updating the “Last Updated” date on this page.

Acceptance of Terms

By participating in vulnerability testing and reporting, you agree to comply with this policy and its guidelines.