Introduction
At Mindlance, security and privacy are our top priorities. We appreciate and encourage responsible security research to identify vulnerabilities that could impact our systems, users, or data. This policy outlines how researchers can report vulnerabilities and how Mindlance commits to addressing them in a transparent and ethical manner.
Scope of the Policy
The following assets fall under this policy:
Category | Covered in Scope? | Examples |
Websites & Applications | ✅ Yes | Mindlance official site, client portals |
Internal Systems | ✅ Yes | Platforms handling sensitive data |
Third-party Services | ⛔ No | Services not directly controlled by Mindlance |
Social Media Accounts | ⛔ No | LinkedIn, Twitter, other brand pages |
Reporting Guidelines
Security researchers are expected to follow these steps when reporting vulnerabilities:
Preferred Disclosure Channels
Vulnerabilities should be reported via the official email id : ciso@mindlance.com
Mindlance’s Commitment to Security Researchers
Stage | Action Taken | Expected Timeframe |
Acknowledgment | Confirmation of receipt | Within 5 business days |
Assessment | Severity analysis | Within 7 business days |
Fix Deployment | Patching and updates | Based on risk level |
Researcher Credit | Optional public recognition | Upon resolution |
Legal Protections
Mindlance assures security researchers that:
Public Disclosure Process
Once a reported vulnerability is resolved, Mindlance may work with the researcher to disclose details of the issue and fix. This will be done responsibly to prevent exploitation.
Policy Amendments
Mindlance reserves the right to update this policy. The latest version will be available on our official website.
