Effective Date: 6th August 2025
This Cybersecurity & Responsible Disclosure Policy (“Policy”) is issued by Lahar Networks Private Limited, a company incorporated under the Companies Act, 2013, bearing CIN U63112DL2025PTC452796, with its registered office at D-365, West Vinod Nagar, East Delhi, Delhi 110092, India. This Policy outlines the measures adopted by the Lahar platform (“Lahar” or “Platform”) to safeguard the integrity, confidentiality, and availability of its systems and provides Users and security researchers with a structured mechanism to report vulnerabilities responsibly.
1. Purpose
1.1 The purpose of this Policy is to ensure that Lahar maintains the highest standards of cybersecurity, protects User data from unauthorized access, and prevents malicious exploitation of vulnerabilities.
1.2 This Policy further provides a safe channel for ethical hackers, researchers, and Users to disclose security vulnerabilities in good faith, thereby contributing to the overall resilience of the Platform.
2. Applicability
2.1 This Policy applies to all categories of Users of the Platform, namely Regular Users, Content Creators or Marketplace Operators, and Institutional Users.
2.2 This Policy also applies to third-party developers, vendors, and partners who interact with the Platform’s infrastructure, systems, or APIs.
3. Cybersecurity Measures
3.1 Lahar employs industry-standard security practices including encryption of data in transit and at rest, intrusion detection systems, firewalls, multi-factor authentication, and access control mechanisms.
3.2 Lahar conducts regular vulnerability assessments, penetration testing, and code reviews to identify and mitigate risks.
3.3 All systems are monitored continuously for suspicious activity, with logs retained for a minimum of five (5) years in compliance with the CERT-In Directions, 2022.
3.4 Access to sensitive data and systems is restricted to authorized personnel, subject to strict authentication and logging requirements.
3.5 Regular training is conducted for employees, Admins, and institutional account operators to ensure awareness of cybersecurity obligations and threat management.
4. User Responsibilities
4.1 Users shall maintain the confidentiality of their login credentials and ensure that strong passwords and security practices are followed.
4.2 Users shall immediately notify Lahar at [email protected] if they suspect unauthorized access to their accounts or detect suspicious activity.
4.3 Content Creators and Institutional Users shall ensure that their Maker–Checker processes are secure and not bypassed for fraudulent purposes.
4.4 Users shall not attempt to probe, scan, or test the vulnerability of the Platform without prior written authorization from Lahar.
5. Responsible Disclosure of Vulnerabilities
5.1 Security researchers, Users, or third parties who identify vulnerabilities in the Platform are encouraged to report them responsibly to [email protected].
5.2 A valid disclosure must include:
a. A clear description of the vulnerability.
b. Steps to reproduce the vulnerability where possible.
c. Potential impact of the vulnerability.
d. Contact information of the reporter.
5.3 The reporter must not exploit, copy, alter, or delete data encountered during testing and must avoid any disruption to the Platform’s services.
5.4 Lahar commits to acknowledging vulnerability reports within seventy-two (72) hours and to providing updates on remediation efforts within a reasonable timeframe.
5.5 Reporters acting in good faith under this Policy shall not be subjected to legal action by Lahar for their responsible disclosure.
6. Prohibited Conduct
6.1 Users and researchers must not publicly disclose vulnerabilities before they have been fixed by Lahar.
6.2 Users must not exploit vulnerabilities to access, modify, or download data belonging to other Users or to Lahar.
6.3 Users must not attempt denial-of-service attacks, malware injection, or phishing campaigns against the Platform.
7. Incident Response and Breach Notification
7.1 In the event of a cybersecurity incident or breach, Lahar shall take immediate containment and mitigation measures, followed by investigation and remediation.
7.2 Lahar shall notify affected Users and, where legally required, regulators and authorities, including CERT-In within six (6) hours, the Data Protection Board of India under the DPDP Act, and other international authorities (e.g., EU regulators under GDPR within seventy-two (72) hours).
7.3 Lahar shall maintain incident logs and evidence for a minimum of five (5) years to ensure accountability and regulatory compliance.
8. Recognition for Responsible Disclosure
8.1 Lahar may, at its discretion, acknowledge and appreciate the contributions of security researchers who responsibly disclose vulnerabilities, subject to applicable law and internal approval.
8.2 No financial reward or bounty is guaranteed unless expressly stated in a separate Bug Bounty Program announced by Lahar.
9. Enforcement
9.1 Any violation of this Policy by Users may result in suspension or termination of accounts, forfeiture of revenues for monetized accounts, and reporting to law enforcement authorities.
9.2 Lahar reserves the right to pursue civil and criminal remedies against individuals or entities engaging in hacking, data breaches, or unauthorized access.
10. Updates to Policy
10.1 Lahar may revise this Policy periodically to reflect changes in technology, legal requirements, or security practices.
10.2 Users shall be notified of significant changes via email or Platform notifications. Continued use of the Platform after such updates constitutes acceptance of the revised Policy.
11. Contact
For reporting vulnerabilities, cybersecurity concerns, or questions regarding this Policy, please contact:
Lahar Networks Private Limited
D-365, West Vinod Nagar, East Delhi, Delhi 110092, India
Email: [email protected]