Contact: mailto:security@pincodesinfo.in
Expires: 2026-12-31T23:59:59.000Z
Preferred-Languages: en
Canonical: https://www.pincodesinfo.in/.well-known/security.txt
Encryption: https://www.pincodesinfo.in/pgp-key.txt

# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in PincodesInfo, please report it to us responsibly:

1. **Email:** security@pincodesinfo.in
2. **Subject:** [SECURITY] Brief description of the issue
3. **Include:**
   - Description of the vulnerability
   - Steps to reproduce
   - Potential impact
   - Suggested fix (if any)

## Response Timeline

- **Acknowledgment:** Within 24 hours
- **Initial Assessment:** Within 72 hours
- **Fix Timeline:** Depends on severity
  - Critical: 24-48 hours
  - High: 1 week
  - Medium: 2 weeks
  - Low: 1 month

## Scope

**In Scope:**
- SQL Injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Authentication/Authorization issues
- Server-Side Request Forgery (SSRF)
- Remote Code Execution (RCE)
- Sensitive data exposure

**Out of Scope:**
- Social engineering attacks
- Physical attacks
- Denial of Service (DoS/DDoS)
- Issues in third-party services
- Spam or phishing reports

## Safe Harbor

We consider security research conducted under this policy to be:
- Authorized in accordance with applicable law
- Lawful and helpful to the security of PincodesInfo
- Conducted in good faith

We will not pursue legal action against researchers who:
- Follow this responsible disclosure policy
- Make a good faith effort to avoid privacy violations
- Do not exploit vulnerabilities beyond demonstration
- Do not access or modify user data
- Do not perform attacks that degrade service

## Recognition

We appreciate security researchers who help us maintain a secure platform. With your permission, we will:
- Acknowledge your contribution in our security hall of fame
- Provide attribution for the discovery
- Keep you informed of our remediation progress

Thank you for helping keep PincodesInfo and our users safe!