← Back to Legal & Policies

Security & Responsible Disclosure

At 3Ding (REDDX Technologies Pvt. Ltd.) we welcome good-faith security research and value reports that help us protect our customers, their orders, and their data. If you believe you have found a security vulnerability in any of our services, we want to hear from you and we will work with you to understand and resolve the issue.

How to Report

Please email us at [email protected]. To help us investigate quickly, include as much of the following as you can:

The affected URL, endpoint, or component
Clear, step-by-step instructions to reproduce the issue
The impact you believe the issue has
Your name or handle and how we can reach you

Both encrypted and plain-text reports are fine. If you would like to encrypt your report, let us know and we will share a key.

Our Commitments

When you report an issue in line with this policy, we will acknowledge receipt promptly, investigate the report, and keep you updated on our progress. We will work to fix valid issues in a reasonable timeframe and, if you wish, we will publicly credit you for the discovery once the issue has been resolved.

Safe Harbour

We will not pursue or support legal action against security researchers who act in good faith and who follow this policy. We consider activity conducted under this policy to be authorised, and we will work with you to understand and resolve the issue quickly.

Scope

This policy covers 3ding.in, its subdomains, and our public APIs. The following are out of scope:

Denial-of-service or volumetric testing
Social engineering of our staff or customers
Physical attacks against our offices, facilities, or people
Spam, and noise from automated scanners without a demonstrated, reproducible vulnerability

Ground Rules

To keep research safe for everyone, please:

Only test against your own accounts and data
Never access, modify, or destroy other users' data
Do not degrade or disrupt the service for others
Give us a reasonable window to remediate before any public disclosure
Do not demand payment in exchange for withholding disclosure of an issue

Recognition

For a valid, previously-unknown issue that is disclosed responsibly under this policy, we may offer a token of appreciation entirely at our discretion. We do not run a paid bug bounty program, and we do not make any payments before reviewing a written report. There is no guaranteed monetary reward.