Responsible Disclosure Policy

Guidelines for reporting security vulnerabilities in our systems and services.

Report a Security Issue

If you've discovered a security vulnerability in our systems, please contact us immediately.

Scope and Guidelines

MetaCache Cybersecurity is committed to maintaining the security of our systems and protecting client data. We appreciate the security research community's efforts to help us identify vulnerabilities responsibly.

In Scope

  • Our public website and web applications (metacache.in)
  • Public-facing APIs and services
  • Security issues that could affect client data or service integrity
  • Infrastructure vulnerabilities in our public-facing systems

Out of Scope

  • Social engineering attempts against our employees
  • Physical security testing of our facilities
  • Third-party services we use but do not control
  • Issues requiring extensive social engineering or physical access
  • Denial of service attacks or load testing
  • Spam or content injection without security impact

Reporting Process

How to Report

Send vulnerability reports to [email protected] with:

  • Detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact and exploitation scenarios
  • Screenshots or proof-of-concept code (if applicable)
  • Your contact information for follow-up questions

Our Response Process

  • 24 hours: Acknowledgment of your report
  • 72 hours: Initial assessment and severity classification
  • 5 business days: Detailed response with remediation timeline
  • 30 days: Resolution of critical vulnerabilities
  • 90 days: Resolution of non-critical vulnerabilities

Safe Harbor and Legal Protection

We commit to not pursuing legal action against researchers who:

  • Make a good faith effort to avoid harm to others
  • Do not access, modify, or delete data belonging to others
  • Do not perform testing that could degrade service quality
  • Report vulnerabilities promptly and work with us on resolution
  • Keep vulnerability details confidential until resolved

Recognition

We appreciate the security research community's contributions. Depending on the severity and impact of reported vulnerabilities, we may:

  • Publicly acknowledge your contribution (with your permission)
  • Provide a detailed technical response about our remediation
  • Offer a letter of recommendation for professional purposes

Note: As a cybersecurity consultancy focused on client services, we do not currently offer monetary rewards or bounties.

Important Distinction

Unauthorized Testing vs. Authorized Services

This policy covers only our own systems. Security testing of client systems or third-party systems requires explicit written authorization through proper Rules of Engagement (ROE) and service agreements.

Unauthorized testing of systems not covered by this policy may violate laws and could result in legal action. Always ensure you have permission before testing any system.

Encryption and Secure Communication

For highly sensitive vulnerability reports, you may request our PGP key by emailing us first. We encourage encrypted communication for reports involving critical vulnerabilities or client-impacting security issues.

Questions and Clarifications

If you're unsure whether a vulnerability is in scope or have questions about our disclosure policy, please reach out to us before testing. We're happy to clarify our scope and work with researchers to ensure responsible disclosure practices.

Contact: [email protected]

Last updated: December 25, 2025