🛡️ Security & Responsible Disclosure Policy

Effective Date: 16 August 2025
Last Updated: 16 August 2025

At JustHackIT (“Company”, “we”, “our”), the security and privacy of our customers, systems, and data is a top priority. We actively encourage security researchers, ethical hackers, and members of the community to report potential vulnerabilities responsibly. This policy defines how to report security issues, our commitments to you, and the protections you have under our Safe Harbor clause.

1. Our Commitment

• We will investigate all legitimate reports of vulnerabilities in good faith.
• We will not pursue legal action against researchers who comply with this policy.
• We will acknowledge valid reports and provide updates throughout the remediation process.
• We may recognize significant contributions through our Security Hall of Fame or other acknowledgments.

2. How to Report

If you identify a security vulnerability, please report it promptly using the details below:

• Email (Primary): security@justhackit.in
• Email (Urgent Escalations): grievance@justhackit.in

Your report should include:

• A clear description of the vulnerability.
• Steps to reproduce or Proof-of-Concept (if possible).
• Potential impact and affected systems/assets.
• Your contact details for coordinated follow-up.

3. Rules for Researchers

To remain within scope and eligible for Safe Harbor protections, researchers must:

• Act in good faith and avoid causing harm, disruption, or unauthorized data access.
• Report vulnerabilities directly to us and allow at least 30 days before any public disclosure.
• Only test systems you own or accounts you are authorized to use unless otherwise permitted by us.

Strictly prohibited activities include:

• Denial-of-Service (DoS/DDoS) or performance degradation attacks.
• Social engineering, phishing, or fraudulent activity.
• Accessing, altering, or exfiltrating sensitive personal or business data.
• Exploitation beyond proof-of-concept testing.

4. Our Response

• Acknowledge receipt of your report within 48 hours.
• Provide an initial assessment within 5 business days.
• Keep you updated on remediation progress.
• Request consent before publicly acknowledging your contribution.

5. Recognition & Rewards

Although we do not currently operate a formal bug bounty program, we may:

• List your name in our Security Hall of Fame (with your consent).
• Provide non-monetary rewards such as certificates, swag, or community recognition.
• Consider you for future security research partnerships and collaborations.

6. Legal Safe Harbor

If you act in accordance with this policy:

• We will not initiate legal action against you for your research.
• Your actions will be considered authorized under applicable cybersecurity laws.
• We reserve the right to take action if findings are used maliciously or outside this policy’s scope.

7. Customer Security Commitment

To our customers and SMB partners, we commit to:

• Proactively monitoring and testing our systems for vulnerabilities.
• Implementing timely fixes for reported security issues.
• Maintaining transparency about significant security matters that could impact users.
• Ensuring all data is safeguarded with industry-standard security practices.

8. Contact Information

For all security-related inquiries and vulnerability disclosures, please contact:

• Security Team: security@justhackit.in
• Grievance Officer: grievance@justhackit.in
• Website: www.justhackit.in