Responsible Disclosure
Last updated: July 2026
We welcome reports
We hold ourselves to the standard we test others against. If you believe you have found a security vulnerability in a BugSnaps-owned system, we want to hear from you — and we will treat your report with the respect we'd expect for our own.
How to report
Email aryan@bugsnaps.in with a description of the issue, steps to reproduce, and any relevant proof of concept. We acknowledge reports within 2 business days and aim to provide a resolution timeline within 5.
Ground rules
- Do not access, modify, or exfiltrate data that isn't yours.
- Do not degrade service availability (no denial-of-service testing).
- Give us reasonable time to remediate before public disclosure.
- Only test systems owned and operated by BugSnaps.
Safe harbor
We will not pursue legal action against researchers who act in good faith, follow these guidelines, and report findings promptly and privately.