Loading…
Loading…
Security Research
We welcome good-faith security research into Bachao.AI. If you've found a vulnerability, here's how to tell us — and what to expect.
Email ceo@bachao.ai with details of the vulnerability. We read every report personally and will acknowledge receipt as soon as we can.
Please encrypt sensitive details where possible and avoid including live credentials, full session tokens, or other users' personal data in your report.
We will not pursue legal action against researchers who discover and report vulnerabilities in good faith, provided the research stays within the scope and guidelines described on this page. We consider security research conducted under this policy to be authorized activity.
Only test domains and systems we own — see Scope below. Never test on behalf of, or against, a third-party service we merely integrate with.
Don't access, modify, download, or exfiltrate another user's data. Stop at the minimum evidence needed to prove the issue exists.
No denial-of-service, spam, brute-force, or automated volumetric testing. Minimize impact on production systems and other users at all times.
Don't attempt phishing, pretexting, or social engineering against our staff, contractors, or customers.
Report what you find as soon as practical, and give us reasonable time to investigate and remediate before any public disclosure.
We credit researchers who submit valid, novel reports, with their permission. Bachao.AI does not currently operate a paid bug-bounty program — recognition is our way of saying thank you, not a promise of payment.
Found something? Tell us.
Report to ceo@bachao.ai