← Trust Center & Legal
Security

Responsible Disclosure Policy

Disclosure timelines and mutual commitments between researchers and Ecom10x.

Company: EcomSarthi Business Solutions LLP ("EcomSarthi", "we", "us", "our")
Product: Ecom10x — One Dashboard. Every Marketplace. (the "Platform" or "Service")
Effective Date: [EFFECTIVE_DATE — e.g., 1 August 2026] · Version: [VERSION — e.g., 1.0] · Next Review: [NEXT_REVIEW_DATE — e.g., 1 February 2027]

1. Relationship to the Vulnerability Disclosure Policy

The Vulnerability Disclosure Policy explains how to report; this Policy sets out the disclosure timeline and mutual commitments once a report is made. Together they form our coordinated disclosure programme.

2. Researcher Commitments

  • Report privately to [SECURITY_EMAIL — e.g., security@ecom10x.in] before any public statement.
  • Do not exploit an issue beyond the minimum needed to demonstrate it; do not exfiltrate data; delete any data received inadvertently and tell us.
  • Do not demand payment as a condition of disclosure (good-faith reporting is not ransom).
  • Comply with applicable law, including the Information Technology Act, 2000.

3. Our Commitments

  • We will not pursue legal action for good-faith research conducted under these policies.
  • We will investigate promptly, keep you updated, remediate according to severity, and notify affected customers where required under the Incident Response Policy and applicable law (including CERT-In directions).
  • We will not require indefinite silence: our default coordinated disclosure window is 90 days from triage, extendable by mutual agreement for complex fixes, and shorter if a fix ships earlier.

4. Public Disclosure

After remediation (or expiry of the agreed window), you may publish your findings. We ask that publications avoid step-by-step exploitation detail against unpatched deployments and any customer data.

5. No Warranty of Reward

Recognition is described in the Vulnerability Disclosure Policy; no monetary reward is promised or implied.

Governing Law & Dispute Resolution

This document is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, without regard to conflict-of-law principles.

Any dispute arising out of or in connection with this document shall first be attempted to be resolved amicably through good-faith negotiation within thirty (30) days of written notice. Failing amicable resolution, the dispute shall be referred to arbitration by a sole arbitrator appointed in accordance with the Arbitration and Conciliation Act, 1996. The seat and venue of arbitration shall be [JURISDICTION_CITY — e.g., New Delhi], India, and proceedings shall be conducted in English. Subject to the foregoing, the courts at [JURISDICTION_CITY — e.g., New Delhi], India shall have exclusive jurisdiction.

Contact

EcomSarthi Business Solutions LLP
[REGISTERED_OFFICE_ADDRESS OF ECOMSARTHI BUSINESS SOLUTIONS LLP]
Support: [SUPPORT_EMAIL — e.g., support@ecom10x.in] · Legal: [LEGAL_EMAIL — e.g., legal@ecom10x.in] · Phone: [SUPPORT_PHONE_NUMBER]