Help & Support

Policy

No technology is perfect, and People Interactive believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Disclosure Policy

Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.

Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.

Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Bounty Eligibility

• You must be 18 or older to be eligible to participate in this program/award.
• You must agree and adhere to the Program Rules and Legal terms as stated in this policy.
• You must be the first to report the issue in order to be eligible for bounty.
• You must be available to supply additional information, as needed by our team, to reproduce and triage the issue.
• Shaadi.com Partners, employees and their friends are not eligible for participation in this program.

Exclusions

• While researching, we'd like to ask you to refrain from:
• Denial of service
• Spamming
• Social engineering (including phishing) of People Interactive staff or contractors
• Any physical attempts against People Interactive property or data centers
• Contact information of the member received via any front-end feature working as desired e.g. a type of premium membership may allow free members to access to premium contact details. HTTP method enabled
• Outdated software/library versions
• Presence of autocomplete functionality in form fields
• Publicly accessible login panels
• Jailbreak Detection or Root Detection in case of Mobile Applications
• SSL Pinning in case of Mobile Applications

In Scope

• Android: Play Store             com.shaadi.android
• iOS: App Store            com.shaadi.iphone

Out Of Scope

• min.shaadi.com
• help.shaadi.com
• s18.shaadi.com

What to include in your report

A well written report will allow us to more quickly and accurately triage your submission. So please include:

• A clear description of the issue, including the impact you believe it has to the user, Shaadi.com, others.Specific reproduction steps including the environment used for testing (browsers, devices, tools, configuration) and any accounts used during testing.
• Your recommendations to resolve the issue.
• You can email your report at help@shaadi.com with the subject as "Bug Bounty" and your contact details mentioned in it.

Rewards

All bounty amounts will be at the discretion of the Shaadi.com Bug Bounty team, which will be evaluated for severity, impact, and quality of the report to determine the bounty level. There could be submissions which we accept the risk and will not fix.

Leaks entire database in one go - High

Bounty of INR 15,000 + Certificate of Appreciation

Leaks contact details one by one through trial and error - Medium

Bounty of INR 10,000 + Certificate of appreciation

Leaks contacts of 'accepted' members without payment - Low

Bounty of INR 5,000 + Certificate of Appreciation

Legal

Shaadi.com reserves the right to modify terms and conditions of this program and your participation in the program constitutes acceptance of all terms. Please visit this webs site regularly as we routinely update our program terms and its eligibility, which will be effective upon posting. We reserve the right to cancel this program at any time without any notice any obligation or any liability to anyone.

Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Thank you for helping keep People Interactive and our users safe!