Responsible Disclosure Policy

Return and Refund Policy

Last updated: November 24, 2024

Thank you for shopping at siliguri.store.

At Fashnear Technologies Private Limited (including its affiliates) (hereinafter referred to as ‘siliguri.store’), we appreciate and encourage security researchers to contact us to report potential vulnerabilities identified in any product, system, or asset belonging to us. In support, we have established a Responsible Disclosure Policy, also called a Vulnerability Disclosure Policy. This policy is designed to create a clear communication path around reporting and disclosing exploitable vulnerabilities in our systems. We may modify and revise this policy at our sole discretion as we move forward into the future; please continue to check here for updates.

Rules of Engagement

Researchers submitting a vulnerability to siliguri.store agree to be bound by the terms of the Responsible Disclosure Policy (hereinafter referred to as the ‘Terms’). What is in scope and out of scope when discovering vulnerabilities is clearly mentioned and specified in the sections below. Researchers shall ensure that they do not engage in privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data. Researchers should only use/exploit to the extent necessary to confirm a vulnerability. Researchers should not use or exploit to compromise or exfiltrate data, establish command line access and/or persistence, or use/exploit to “pivot” to other systems. Once a researcher establishes that a vulnerability exists, or encounters any sensitive data, the researcher shall stop any further testing and notify siliguri.store immediately. Researchers are required to keep any information about discovered vulnerabilities confidential even after submitting the vulnerability report. siliguri.store discourages violation of applicable laws and breach of any agreements in order to discover vulnerabilities and reserves the right to pursue legal action when the terms of this policy are violated or when testing is performed outside the scope of this policy. The decision made by our security team regarding validity, severity & impact of a vulnerability will be considered final and cannot be contested. siliguri.store may share your vulnerability reports with any affected partners, vendors or open source projects.

Authorization

If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized, will work with you to understand and resolve the issue quickly, and siliguri.store will not initiate or recommend legal action related to your research. If the identified vulnerability can be used to potentially extract information of our customers or systems, or impair our systems' ability to function normally, then please refrain from actually exploiting such a vulnerability. This is absolutely necessary for us to consider your disclosure a responsible one. While we appreciate the inputs of researchers, we may take legal recourse if the identified vulnerabilities are exploited for unlawful gains or getting access to restricted customer or system information, or impairing our systems. While we appreciate the inputs of researchers, we may take legal recourse if the identified vulnerabilities are exploited for unlawful gains or getting access to restricted customer or system information or impairing our systems.

Policy Coverage Area

Following Mobile Apps and Websites under (or a sub-domain of) the domains are covered as part of this policy – siliguri.store siliguri.store siliguri.store Andriod App siliguri.store iOS App If you encounter any vulnerability on our systems while testing within the scope of this policy, stop your test and notify us immediately.

Out of Scope Vulnerabilities

General software related bugs (like SSL, older versions etc.) Vulnerabilities related to SPF/DMARC/DKIM records, which do not result in demonstrated compromise Missing security headers etc. or other security best practices, which do not result in demonstrated compromise Vulnerabilities related to outdated app versions or browsers – exploits/vulnerabilities related to current versions and only in the latest browser versions are accepted Exploits that need MITM or physical access to the victim’s device Clickjacking related submissions Unauthenticated/logout/login CSRF Previously known vulnerable libraries without a working Proof of Concept Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS Open redirect Missing CAA headers Stack traces, directory listings or path disclosure Self XSS Social engineering attacks, both against users or employees Issues on non-company assets like GitHub, Cloud Providers or others, which siliguri.store may be using Forgot Password page brute-force and account lockout not enforced Lack of Captcha Presence of application or web browser ‘autocomplete’ or ‘save password’ functionality Session Timeouts Host Header Injection Exposed API keys without clear demonstration of security impact Specifically, exposed Google Map APIs keys and keys in Android XML files are out of scope for now

  • By email: contact@siliguri.store

  • By visiting this page on our website: https://siliguri.store/help.php

  • By phone number: 9933007663

  • By mail: siliguri barivasha

How to report

The identified vulnerability should be reported to us by sending us a mail to contact@siliguri.store (Subject: Suspected Vulnerability at siliguri.store App/Website). The mail should follow the format below:

Contact Us

If you have any questions about our Returns and Refunds Policy, please contact us:

  • By email: contact@siliguri.store

  • By visiting this page on our website: https://siliguri.store/help.php

  • By phone number: 9933007663

  • By mail: siliguri barivasha