Enkept Vulnerability Disclosure Policy

Last Updated: 03-Feb-2025

  1. Introduction

    At Fastcurve Services Private Limited ("Enkept," "we," "us," or "our"), we take security seriously. Protecting our users' data and ensuring the integrity of our platform is a top priority. This Vulnerability Disclosure Policy outlines how security researchers and users can report vulnerabilities, our commitment to addressing security issues, and the guidelines for responsible disclosure.

  2. Scope

    This policy applies to any digital asset owned, operated, or maintained by Enkept, including but not limited to:

    1. Official website and subdomains
    2. Enkept Web applications
    3. Mobile applications (Android & iOS)
    4. APIs and backend services
  3. Reporting a Vulnerability

    If you discover a security vulnerability in Enkept, we encourage you to report it responsibly by following these steps:

    1. Email us at: support@enkept.com
    2. Provide a detailed description of the vulnerability, including steps to reproduce it.
    3. If possible, include screenshots, logs, or proof-of-concept code.
    4. Do not publicly disclose the vulnerability until we have had a reasonable chance to address it.
  4. What We Expect

    To ensure responsible disclosure and avoid unnecessary risks:

    1. Do not exploit the vulnerability beyond what is necessary for validation.
    2. Do not access or modify any data that is not your own.
    3. Do not conduct tests that degrade the availability of our services (e.g., DoS attacks).
    4. Do not disclose the vulnerability to third parties without our written consent.
  5. Our Commitment

    We appreciate the efforts of ethical security researchers and commit to:

    1. Acknowledging receipt of the report.
    2. Investigating and validating the vulnerability within a reasonable timeframe.
    3. Keeping the reporter informed about the resolution status.
    4. Recognizing valid contributions through available means.
  6. Legal Considerations

    We will not take legal action against researchers who adhere to this policy and act in good faith. However, activities violating our policy or applicable laws may result in legal consequences.

  7. Exclusions

    The following activities are not covered under this policy:

    1. Social engineering attacks (e.g., phishing, impersonation).
    2. Physical security testing (e.g., office access, hardware tampering).
    3. Automated scanning that generates excessive traffic.
    4. Known vulnerabilities in third-party software without a reasonable exploit chain.
  8. Contact Us

    For security-related inquiries or to report a vulnerability, contact us at:

    Fastcurve Services Private Limited
    Bengaluru, India
    Email: support@enkept.com

    We thank you for helping us keep Enkept secure!