1. Introduction
NGOFeed Digital Solution Private Limited ("Company," "we," "our," or "us") is committed to maintaining the security and reliability of CrawlSage, our AI-powered SEO auditing and website optimization platform.
We value the responsible disclosure of security vulnerabilities and encourage security researchers, customers, and members of the security community to report potential security issues responsibly.
This Vulnerability Disclosure Policy ("Policy") explains how to report security vulnerabilities and how the Company will respond.
2. Company Information
NGOFeed Digital Solution Private Limited
Product: CrawlSage
Website: https://crawlsage.com
Support Email: support@crawlsage.com
Security Email: security@crawlsage.com (recommended)
Legal Email: legal@crawlsage.com
Corporate Identification Number (CIN): U62099DL2024PTC435623
GSTIN: 07AAJCN8222D1ZK
Registered Office:
HNO-L-4, 1st Floor, Gaffar Manzil Part 2, Jamia Nagar, New Delhi, South Delhi – 110025, Delhi, India
3. Scope
This Policy applies to security vulnerabilities affecting CrawlSage services that are owned and operated by the Company.
Examples include:
- Website
- Dashboard
- Authentication systems
- APIs
- AI-powered features
- Subscription platform
- Public infrastructure owned by the Company
Third-party services are generally outside the scope of this Policy and should be reported directly to the relevant provider.
4. Responsible Disclosure
If you discover a potential security vulnerability, we ask that you:
- Report it to us as soon as reasonably possible.
- Provide sufficient detail for us to reproduce and investigate the issue.
- Allow us a reasonable opportunity to investigate and address the issue before publicly disclosing it.
- Avoid actions that could harm users, compromise data, or disrupt the Services.
5. Good Faith Research
We support good faith security research conducted in a responsible manner.
When acting in good faith under this Policy, we ask that you:
- Avoid accessing, modifying, or deleting data that does not belong to you.
- Do not intentionally disrupt the availability of the Services.
- Do not exploit vulnerabilities beyond what is reasonably necessary to demonstrate their existence.
- Respect the privacy of other users.
- Comply with applicable laws.
Provided these expectations are met, the Company does not intend to pursue legal action solely for responsible vulnerability reporting under this Policy.
6. Information to Include
To help us investigate efficiently, please include:
- A description of the vulnerability.
- The affected URL, endpoint, or feature.
- Steps to reproduce the issue.
- Proof-of-concept details, where appropriate.
- The potential security impact.
- Suggested mitigations, if available.
- Your contact information for follow-up.
Do not include sensitive personal information belonging to other users unless it is strictly necessary to demonstrate the issue.
7. Out of Scope
The following are generally outside the scope of this Policy:
- Social engineering attacks.
- Physical security issues.
- Denial-of-service (DoS or DDoS) attacks.
- Spam reports.
- Vulnerabilities affecting third-party services that are not controlled by the Company.
- Issues requiring unrealistic user interaction with no practical security impact.
- Automated scan reports without a demonstrated vulnerability.
- Reports based solely on missing security headers or best-practice recommendations without a demonstrable security impact.
The Company reserves the right to determine whether a report falls within the scope of this Policy.
8. Response Process
Upon receiving a vulnerability report, the Company will generally:
- Acknowledge receipt within a reasonable time.
- Review and assess the reported issue.
- Request additional information if necessary.
- Prioritize remediation based on risk.
- Notify the reporter when appropriate regarding the status or resolution.
Response and remediation timelines may vary depending on the complexity and severity of the reported issue.
9. No Bug Bounty
This Policy does not establish a bug bounty or vulnerability reward program.
The Company is under no obligation to provide monetary compensation, gifts, public recognition, or other rewards for vulnerability reports.
If the Company introduces a separate bug bounty program in the future, it will be governed by its own terms and conditions.
10. Confidentiality
The Company will make reasonable efforts to protect the confidentiality of vulnerability reports and the identity of reporters, subject to legal obligations and operational requirements.
We ask reporters not to publicly disclose vulnerabilities until the Company has had a reasonable opportunity to investigate and address them.
11. Changes to This Policy
The Company may update this Vulnerability Disclosure Policy from time to time.
Material changes will be reflected by updating the Last Updated date.
Continued use of the Services after the effective date of any revisions constitutes acceptance of the updated Policy.
12. Contact Us
To report a security vulnerability or ask questions about this Policy, please contact:
NGOFeed Digital Solution Private Limited
Product: CrawlSage
Website: https://crawlsage.com
Security Email: security@crawlsage.com (recommended)
Support Email: support@crawlsage.com
Legal Email: legal@crawlsage.com
Registered Office:
HNO-L-4, 1st Floor, Gaffar Manzil Part 2, Jamia Nagar, New Delhi, South Delhi – 110025, Delhi, India
Corporate Identification Number (CIN): U62099DL2024PTC435623
GSTIN: 07AAJCN8222D1ZK