At Wealth Empires, the security of our clients' data and systems is our highest priority. We are committed to protecting our platform, products, and users from potential vulnerabilities. This Responsible Disclosure Policy explains how security researchers and users can safely report any potential vulnerabilities or weaknesses in our systems.
1. Our Commitment
Wealth Empires values the contributions of security researchers and users who help us maintain a secure environment. We will:
- Acknowledge valid reports promptly.
- Work with you in good faith to understand and fix the issue.
- Not take legal action against responsible, ethical disclosures made in accordance with this policy.
2. Scope
This policy applies to:
- Our official website (www.wealthempires.in)
- Our AI-powered platforms and tools (e.g., Startup Health Check, AI CRM, and other digital applications)
- APIs, portals, and connected services owned or operated by Wealth Empires
This policy does not apply to:
- Third-party services integrated into our platform (e.g., payment gateways, government APIs, or cloud providers)
- Social engineering, denial of service (DoS/DDoS), or phishing attacks
- Physical security testing or access attempts
3. Reporting a Vulnerability
If you believe you've found a security vulnerability, please report it responsibly and confidentially to us.
Please include the following details:
- A clear description of the issue
- Steps to reproduce the vulnerability
- Affected URLs, APIs, or parameters
- Any supporting screenshots, code snippets, or logs
Important: Avoid publicly disclosing the issue until we've confirmed and resolved it.
4. Responsible Research Guidelines
When investigating potential vulnerabilities, you must:
- Respect Privacy: Make every effort to avoid privacy violations, data destruction, or service disruption.
- No Data Access: Do not access, copy, or modify data that doesn't belong to you.
- No Exploitation: Do not use vulnerability discovery for financial gain or blackmail.
- No Automated Attacks: Do not perform automated scanning or brute-force attacks on production systems.
- Comply with Laws: Comply with all applicable laws and this policy.
We ask that you test responsibly and only within the defined scope.
5. Our Response Process
Upon receiving a vulnerability report:
1. We will acknowledge receipt within 72 hours.
2. Our security team will review and validate the issue.
3. We will work to resolve verified vulnerabilities as quickly as possible.
4. We may contact you for additional information or testing support.
5. Once resolved, we may publicly acknowledge your contribution (with your consent).
6. Recognition
Wealth Empires appreciates responsible security researchers and ethical hackers who help improve our platform. While we do not currently offer a monetary bug bounty program, we may offer:
- Hall of Fame: Public recognition on our "Security Hall of Fame" page, and/or
- Certificate: A formal Certificate of Appreciation for verified reports.
7. No Legal Action
We will not pursue legal action against individuals who:
- Act in good faith
- Follow this Responsible Disclosure Policy
- Do not exploit or misuse the reported vulnerability
- Do not publicly disclose details before an agreed-upon fix is deployed
8. Our Security Practices
Wealth Empires follows best practices for information security, including:
- VAPT: Regular vulnerability assessments and penetration testing (VAPT)
- Encryption: Data encryption in transit and at rest
- MFA: Multi-factor authentication for critical access
- Monitoring: Continuous monitoring and audit logging
- Compliance: Compliance with ISO 27001, GDPR, and Indian IT Act (SPDI Rules)
9. Contact
For responsible disclosure or urgent security concerns, contact:
10. Final Note
By responsibly disclosing vulnerabilities to Wealth Empires, you help us build a safer digital environment for entrepreneurs, startups, and businesses worldwide. We appreciate your support in keeping our platform secure and trustworthy.