Security Overview & Vulnerability Disclosure — Gyanbatua.ai

2) Key Safeguards (High Level)

Depending on the feature and system, we may use safeguards such as:

• A) Access Control
  • role-based access and least-privilege controls,
  • strong authentication and session controls for user access,
  • restricted internal access to systems and user data.
• B) Encryption & Secure Transmission
  • encryption in transit (e.g., HTTPS/TLS),
  • encryption at rest where feasible and appropriate to the system and data category,
  • secure secret management practices where applicable.
• C) Monitoring & Logging
  • security logging for critical events,
  • monitoring for suspicious activity and abuse,
  • rate limiting and protections against automated misuse where applicable.
• D) Secure Development & Change Management
  • secure engineering practices and code reviews where appropriate,
  • patching and vulnerability management processes,
  • controlled deployments and system change tracking.
• E) Vendor & Third-Party Risk Management
  • using reputable infrastructure and service providers,
  • contractual security and confidentiality obligations for key vendors,
  • limiting third-party access to what is necessary.
• F) Business Continuity
  • backups and recovery practices designed to support service continuity,
  • operational resilience controls appropriate for the Platform.

3) Your Role in Security

You can help keep your account safe by:

• using a strong, unique password,
• enabling available security features (where offered),
• keeping your device/browser updated,
• not sharing passwords, OTPs, or sensitive financial details in prompts or uploads,
• reporting suspicious activity promptly.

4) Important Limitations

No system can guarantee 100% security. While we work to protect the Platform, security risks can still occur due to factors beyond our control (e.g., sophisticated attacks, third-party failures, user device compromise).

5) Vulnerability Disclosure (Responsible Reporting)

We welcome responsible security research and disclosures that help improve Platform security.

• A) How to Report
  • Email: [email protected]
  • Subject: "Security Vulnerability Report – Gyanbatua.ai"

  Include:

  • a clear description of the issue,
  • steps to reproduce (proof-of-concept if available),
  • affected URLs/endpoints/screens,
  • potential impact,
  • your contact details for follow-up.
• B) What We Ask Researchers To Do

  Please:

  • act in good faith and avoid privacy violations,
  • do not access, modify, delete, or download other users' data,
  • do not disrupt the Platform (no DDoS, spam, or destructive testing),
  • use only test accounts and your own data,
  • provide us a reasonable time to investigate and remediate before public disclosure.
• C) Scope Boundaries (Not Permitted)

  The following are not permitted:

  • social engineering of employees/users (phishing, vishing),
  • physical security attacks,
  • denial-of-service attacks,
  • using vulnerabilities to access data that is not yours,
  • testing that impacts service availability or user experience.
• D) Our Good-Faith Commitment

  If you follow this policy and act in good faith, we will not intentionally pursue legal action against you for responsible disclosure. This does not apply to activities that are malicious, unlawful, or conducted in bad faith.

6) Incident Response & User Notifications

If we identify a security incident involving personal data, we will take reasonable steps to:

• investigate and contain the incident,
• mitigate risks and restore services,
• comply with applicable legal obligations (including any notification requirements).

7) Updates to This Page

We may update this Security Overview from time to time. The latest version will be posted on the Platform with an updated effective date.