Responsible Disclosure Policy

Gynera Solutions Pvt Ltd (hereinafter referred to as "Fynverse") considers the security of its products and services an essential aspect of business practice. To maintain this practice, we encourage security researchers (“Participants”) to make responsible disclosures of any vulnerabilities they identify in Fynverse systems.

Purpose

This Responsible Disclosure Policy ("Policy") guides Participants in conducting responsible vulnerability discovery and reporting vulnerabilities to Fynverse to strengthen security and protect users.

Reporting a Vulnerability

If a Participant believes to have found a real or potential security vulnerability in any Fynverse-owned systems or software, they should report it via email to Gynerasolutions@gmail.com. Subject line should be prefixed with "Bug Bounty".

Required Report Details

  • Vulnerability Name
  • Vulnerability Type
  • Description & Steps to Reproduce
  • Proof of Concept
  • Impact & Recommendation
  • Participant Details: Full Name, Email, Mobile, Public Profile (if any)

Program Rules

  • One report per vulnerability unless related issues need to be clubbed.
  • Only the first reproducible report will be rewarded.
  • Social engineering attacks are prohibited.
  • Automated tools or scripts are strictly prohibited; manual step-by-step PoC required.
  • Good faith effort must be made to avoid privacy violations or service disruptions.

Response Targets

  • Fynverse will acknowledge the receipt of vulnerability reports promptly.
  • Validation and resolution will follow Fynverse’s commitment to security.
  • Participants will be notified once the issue is fixed.

Severity & Reward Categorization

Vulnerabilities are categorized by severity: Critical, High, Medium, Low. Bounty rewards will be assessed internally based on the severity and impact of the vulnerability.

Safe Harbor

Activities conducted in accordance with this Policy will be considered authorized. Fynverse will defend Participants from legal action by third parties if activities are conducted in good faith under this Policy.

Confidentiality

All information shared by Fynverse or discovered during testing is confidential. Participants must:

  • Keep all confidential information secure for 5 years.
  • Use information solely for reporting vulnerabilities.
  • Return all confidential information upon request.

Legal & Miscellaneous

  • This Policy is governed by the laws of India, with courts in Pune having exclusive jurisdiction.
  • Fynverse retains ownership of all confidential information.
  • Participants may not disclose, copy, or develop competing products using confidential information.
  • Fynverse reserves the right to amend this Policy at any time.

Contact Information

Email: gynerasolutions@gmail.com

Address: Platinum Park, Gat No. 1420, Next to Dmart, Lohegaon Wagholi Road, Wagholi, Pune-412207

Phone: +91 8002587849

Thank you for helping keep Fynverse and its users safe!