VaraaApparel

Whitehat Program

Responsible Disclosure & Security Policy

At Varaa Apparel, we take the security of our user data and infrastructure seriously. We welcome security researchers and the community to help us identify and fix vulnerabilities through our Responsible Disclosure Program.

Program Scope

Our Whitehat program covers the following digital assets. If you find a vulnerability in any of these, we want to hear from you.

  • Primary Domain: varaaapparel.in (and all subdomains)

Reporting a Vulnerability

If you believe you have found a security vulnerability, please report it to us immediately. We ask that you:

  • Send a detailed report to info@tejkumar.in.
  • Include a clear description of the vulnerability and the steps to reproduce it (POC).
  • Do not exploit the vulnerability to view others' data or disrupt our services.
  • Allow us reasonable time (up to 30 days) to fix the issue before identifying it publicly.

Out of Scope (Exclusions)

The following categories are generally considered out of scope:

  • Social Engineering (Phishing, Vishing, etc.)
  • DDoS or DoS attacks that disrupt service
  • Spam or content injection
  • Issues requiring physical access to a user's device

Hall of Fame

Valid and significant vulnerability reports may be eligible for recognition in our Hall of Fame

This policy is subject to change without notice. By submitting a report, you agree to these terms.