Skip to content
+91-11-43791919
Get a Quote Contact Us
Last Updated: March 21, 2026

Security Policy

Secure
Data Privacy
Global
Compliance
24/7
Support

1. Our Commitment

Codesaint Technologies Pvt. Ltd. takes the security of our systems and the data of our clients seriously. We welcome responsible disclosure of vulnerabilities from the security community. This policy describes how to report security issues to us and what you can expect in return.

2. Scope

This policy covers vulnerabilities affecting the following assets:

  • Web applications: codesaint.in and all subdomains
  • APIs: Public-facing REST and GraphQL endpoints operated by Codesaint Technologies
  • Mobile applications: Android and iOS apps published under our developer accounts
  • Infrastructure: Servers, services, and network equipment operated by Codesaint Technologies

2.1 Out of Scope

The following are outside scope and should not be tested:

  • Third-party services and platforms we use but do not operate
  • Social engineering, phishing, or physical attacks against our staff
  • Denial-of-service (DoS/DDoS) attacks
  • Automated scanning without prior written approval
  • Vulnerabilities in end-of-life software versions we have already acknowledged

3. How to Report

Please send your report to security@codesaint.in with the following information:

  • Description of the vulnerability and its potential impact
  • Step-by-step reproduction instructions
  • Any proof-of-concept code, screenshots, or supporting evidence
  • Your contact details (optional — anonymous reports are accepted)

For sensitive disclosures, you may request our PGP key by emailing security@codesaint.in.

4. Our Response Commitments

MilestoneTarget Timeframe
Acknowledgement of receiptWithin 2 business days
Initial triage and severity assessmentWithin 5 business days
Status updateEvery 14 days until resolved
Resolution (critical / high severity)Within 30 days
Resolution (medium / low severity)Within 90 days

5. Safe Harbour

We will not pursue legal action against researchers who:

  • Comply with this policy and act in good faith
  • Avoid privacy violations, data destruction, or disruption to our services
  • Do not access, modify, or exfiltrate data beyond what is necessary to demonstrate the vulnerability
  • Report the vulnerability to us before any public disclosure
  • Allow us reasonable time to remediate before disclosure

We consider responsible security research a valuable contribution and will work with you throughout the disclosure process.

6. Recognition

With your permission, we will acknowledge your contribution on our Security Acknowledgments page. We do not currently operate a paid bug bounty programme, but we are grateful for responsible disclosures and will acknowledge them publicly.

7. Contact

Security reports: security@codesaint.in
General security enquiries: infosec@codesaint.in
CSIRT (active incidents): csirt@codesaint.in

Have Questions?
Contact Us
Need Help?
View FAQs

We use cookies to enhance your experience and analyze site traffic. Cookie Policy

Cookie Preferences

Essential

Required for the website to function. Cannot be disabled.