Effective Date: 27-11-2024
WEB WORLD, the developer of the NearU app (“App”), is committed to maintaining the security and privacy of our users. We encourage responsible disclosure of security vulnerabilities to help us address potential risks and improve the security of the App.
If you discover a security issue or vulnerability in the NearU App, we appreciate your efforts to report it to us responsibly. This policy outlines the process for reporting vulnerabilities and how we handle security disclosures.
1. Reporting a Vulnerability
If you believe you have discovered a security vulnerability in the NearU App, please report it to us as soon as possible. We ask that you do not publicly disclose the vulnerability until it has been resolved.
To report a vulnerability, please send a detailed description to us at:
Email: security@nearu.in
When reporting a vulnerability, please include the following details:
- A clear description of the issue and steps to reproduce it.
- The impact and potential risks associated with the vulnerability.
- Any relevant screenshots, logs, or other technical information that can assist in verifying the issue.
2. What We Expect
To ensure safe and responsible disclosure, we request that you follow these guidelines:
- Don’t exploit the vulnerability: Do not exploit or abuse any vulnerabilities you discover. Your actions should be focused on understanding and reporting the issue, not on accessing or damaging data.
- Don’t access user data: Avoid accessing, modifying, or deleting any user data unless explicitly necessary to verify the vulnerability. Your testing should be non-invasive and ethical.
- Do not disrupt services: Refrain from disrupting services, servers, or networks, or causing any service outages that impact the users of the NearU App.
3. Our Commitment
Once you report a vulnerability, we commit to:
- Acknowledge receipt of your report within 72 hours.
- Investigate the issue and assess the risk as quickly as possible.
- Provide you with status updates and an estimated timeline for resolution.
- Address the vulnerability and work to fix it in a timely manner.
We aim to address most security vulnerabilities within 30 days, but more complex issues may take longer. We will notify you once the issue has been resolved.
4. Recognition and Rewards
As part of our commitment to security, we value and appreciate responsible disclosures. While we do not offer monetary rewards, we may recognize your contribution through a “Hall of Fame” listing or other forms of acknowledgment. If you would prefer not to be publicly recognized, please let us know when submitting your report.
5. Legal Considerations
WEB WORLD will not take legal action against individuals who responsibly disclose vulnerabilities according to this policy. However, if any individual violates laws during the discovery or disclosure process, or fails to follow the guidelines outlined in this policy, they may be subject to legal action.
6. Exclusions
This Responsible Disclosure Policy does not apply to:
- Social engineering (e.g., phishing, vishing, or physical attacks against our employees or contractors).
- Denial of service attacks or activities that could impact the availability of the NearU App or its infrastructure.
- Testing or scanning of third-party platforms, services, or websites that are integrated with the NearU App.
7. Contact Us
If you have any questions about this Responsible Disclosure Policy, or if you need assistance with reporting a security issue, please contact us at:
Email: security@nearu.in