SECURITY

Security & Responsible Disclosure

We welcome reports from security researchers. This page explains how to report a vulnerability and what you can expect from us in return.

Last updated: June 20, 2026 security@vijnara.com

Security is central to how Vijnara is built. If you believe you've found a vulnerability in our platform or website, please report it to security@vijnara.com. We commit to acknowledging your report, investigating promptly, and keeping you informed.

1. Our commitment

We value the work of the security community and believe coordinated, responsible disclosure makes everyone safer. We will investigate all legitimate reports in good faith, work to remediate confirmed issues in a timely manner, and recognize researchers who help us improve — while protecting our customers' data throughout.

2. How to report

Email security@vijnara.com with enough detail for us to reproduce and assess the issue. A helpful report typically includes:

  • ·A clear description of the vulnerability and its potential impact.
  • ·Step-by-step instructions or a proof of concept to reproduce it.
  • ·Affected URLs, endpoints, parameters or components, and any relevant logs or screenshots.
  • ·Your contact details so we can follow up.

For sensitive reports, request our PGP key and we'll provide an encrypted channel.

3. Scope

IN SCOPE
  • ·The Vijnara platform and application
  • ·vijnara.com and official subdomains
  • ·Authentication, access control & data-isolation issues
OUT OF SCOPE
  • ·Denial-of-service or volumetric testing
  • ·Social engineering, phishing or physical attacks
  • ·Findings from automated scanners without validated impact

4. Researcher guidelines

To keep testing safe and lawful, we ask that you:

  • ·Only test against accounts and data you own or are explicitly authorized to use.
  • ·Avoid accessing, modifying or deleting other users' or customers' data.
  • ·Stop and report immediately if you encounter personal or customer data, and do not retain it.
  • ·Give us a reasonable time to remediate before any public disclosure, and coordinate timing with us.

5. Safe harbor

We will not pursue legal action against researchers who act in good faith and comply with these guidelines, including the scope and conduct expectations above. We consider activity conducted consistently with this policy to be authorized, and will work with you to understand and resolve issues quickly. If legal action is initiated by a third party against you for activity that complied with this policy, we will make this authorization known.

6. What to expect

1
Acknowledgement

We aim to confirm receipt of your report within two business days.

2
Assessment

We triage, validate and assess severity, and may follow up for more detail.

3
Remediation

We fix confirmed issues based on severity and keep you updated on progress.

4
Recognition

With your consent, we're happy to credit you once the issue is resolved.

7. Our security practices

Vijnara is built with security at its core: permission-aware retrieval, encryption in transit and at rest, role- and department-based access controls, audit logging, multi-tenant isolation, and least-privilege internal access. Our architecture is designed to align with frameworks such as SOC 2, ISO 27001, GDPR and HIPAA; specific certifications depend on deployment configuration. For deployment-specific documentation, contact our team.

8. Contact

Report a vulnerability or request our security documentation:

REPORT A VULNERABILITY
DATA PROTECTION
Contact us