Vulnerability Disclosure Policy
1. Introduction
At Tekhsters IT Services Private Limited (hereafter referred to as "Tekhsters IT Services"), the security and integrity of our systems, applications, and user data are our highest priorities. We appreciate the critical role that independent security researchers and the ethical hacking community play in keeping the digital ecosystem safe.
This Vulnerability Disclosure Policy (the "Policy") outlines the guidelines for conducting good-faith security research and defines the clear channel through which researchers can responsibly report discovered vulnerabilities to us.
2. Safe Harbor & Legal Commitment
If you make a good-faith effort to comply with this Policy during your security research, Tekhsters IT Services will consider your research to be fully authorized.
- No Legal Action: Tekhsters IT Services will not initiate, recommend, or pursue legal action against you (including under any applicable anti-hacking or data protection legislation) regarding your research activities.
- Third Parties: If a third party initiates legal action against you for activities conducted strictly in accordance with this Policy, Tekhsters IT Services will take reasonable steps to make it known that your actions were authorized.
3. Scope of Testing
Active research and testing should be conducted only against assets explicitly owned and operated by Tekhsters IT Services.
In Scope
- All primary corporate domains, subdomains, and web applications owned by Tekhsters IT Services.
- Proprietary software applications, platforms, and APIs developed by Tekhsters IT Services.
Strictly Out of Scope
- Any third-party services, applications, platforms, or integrations hosted by external vendors.
- Destruction, corruption, exfiltration, or unauthorized modification of Tekhsters IT Services or user data.
4. Rules of Engagement
To qualify for safe harbor under this policy, researchers must adhere to the following binding guidelines:
- No Disruption: Make every effort to avoid service degradation, system downtime, privacy violations, or disruption to production environments.
- Limit Exploitation: Use exploits only to the minimum extent necessary to verify a vulnerability's existence (e.g., establishing a basic Proof of Concept). Do not attempt to pivot to other systems, execute data exfiltration, or maintain persistent command-line access.
- Stop on Sensitive Data: If you inadvertently encounter or gain access to personal data, financial information, or proprietary assets, stop testing immediately, delete local copies, and notify us. Do not share this data with anyone else.
- Keep it Confidential: Keep all details regarding a discovered vulnerability entirely confidential between yourself and Tekhsters IT Services until we have successfully validated, triaged, and remediated the issue.
Explicitly Prohibited Testing Methods
- Network Denial of Service (DoS or DDoS) attacks.
- High-intensity, automated destructive scanning.
- Social engineering (e.g., phishing, vishing) directed at Tekhsters IT Services staff, partners, or users.
- Physical security testing of Tekhsters IT Services offices, facilities, or personnel.
5. How to Report a Vulnerability
If you believe you have discovered a vulnerability, please submit a detailed report immediately via email.
Reporting Email: security@gotrust.tech
Please include the following details in your report:
- Asset & Impact: The exact URL, IP address, or product version where the bug was observed, along with its potential impact.
- Steps to Reproduce: A clear, concise description of the steps required to validate the issue.
- Artifacts: Benign Proof of Concept (PoC) scripts, code snippets, or masked screenshots/videos.
- Your Info: Your name, handle, or organization if you wish to be credited for the discovery.
6. What You Can Expect From Us
Tekhsters IT Services is committed to working collaboratively and transparently with the security community. When you submit a report, we promise to:
- Acknowledge: Confirm receipt of your vulnerability report within 3 to 5 business days.
- Triage & Validate: Professionally evaluate the finding and provide an estimated timeline for mitigation or patch deployment.
- Maintain Open Dialogue: Keep you informed as our internal teams work toward remediation.
- Recognition: If you are the first researcher to report a valid, confirmed vulnerability and you comply fully with this policy, we will happily recognize your contribution (e.g., via a Hall of Fame or attribution) if requested.
Last Updated: July 2026




