01 Our commitment
Chronoseize is committed to ensuring the security of the people who use our products and services. We welcome reports from independent security researchers, industry organisations, and members of the public.
Report in good faith. We will respond in good faith.
02 How to report
Send your report to security@chronoseize.com. To help us validate and triage the issue quickly, please include:
- a clear description of the vulnerability and the affected asset (URL, endpoint, application, or component);
- step-by-step instructions to reproduce the issue;
- the impact you believe the vulnerability could have;
- any supporting material (logs, screenshots, proof-of-concept code) that helps us understand the report;
- your name (or pseudonym) and how you’d like to be credited, if at all.
You may encrypt sensitive reports; we will publish PGP keys for the security mailbox if there is sufficient demand. In the meantime, do not include real user data, real credentials, or any unnecessary sensitive material in your initial report.
03 Scope
This policy covers production websites, applications, and services operated by Chronoseize 42 Tech Private Limited, including this corporate website at chronoseize.com. Issues affecting third-party services we depend on are out of scope; please report those to the relevant vendor directly.
04 Guidelines for researchers
We ask researchers to:
- respect the privacy of others, including end users and our staff;
- avoid privacy violations, destruction of data, and disruption of services;
- use only test accounts and test data you have created; never access, modify, or use real user data;
- avoid degrading service quality (do not run automated scanners at high concurrency, and stop testing immediately if you observe unintended impact);
- give us a reasonable opportunity to address the issue before public disclosure (typically ninety (90) days from acknowledgement, though we will work with you to agree a timeline);
- comply with all applicable law.
05 Safe harbour
Chronoseize will not pursue civil action or initiate a complaint to law enforcement for accidental, good-faith violations of this policy. We consider security research conducted in accordance with this policy to be authorised conduct under applicable computer-crime laws, to the extent permitted by law.
If at any point you are uncertain whether your planned research is consistent with this policy, please contact us at security@chronoseize.com before proceeding.
06 Out of scope
The following are typically considered out of scope unless accompanied by a demonstrable security impact:
- theoretical vulnerabilities without practical exploit paths;
- missing security headers or cookies with no demonstrable impact;
- reports generated solely by automated scanners, without analysis;
- denial-of-service issues that rely on volumetric attacks;
- social-engineering or phishing of our staff;
- physical attacks against our premises or staff;
- issues that require a fully compromised user device or rooted/jailbroken device.
07 Acknowledgement & thanks
We aim to acknowledge new reports within five (5) business days and to provide an initial assessment within fifteen (15) business days. With your consent, we are glad to publicly thank researchers who help us improve the security of our products. Please let us know in your report how you’d like to be credited.
Thank you for helping us keep our users safe.