No technology is perfect, and People Interactive believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
You must be 18 or older to be eligible to participate in this program/award.
You must agree and adhere to the Program Rules and Legal terms as stated in this policy.
You must be the first to report the issue in order to be eligible for bounty.
You must be available to supply additional information, as needed by our team, to reproduce and triage the issue.
Shaadi.com Partners, employees and their friends are not eligible for participation in this program.
While researching, we'd like to ask you to refrain from:
Denial of service
Social engineering (including phishing) of People Interactive staff or contractors
Any physical attempts against People Interactive property or data centers
Contact information of the member received via any front-end feature working as desired e.g. a type of premium membership may allow free members to access to premium contact details. HTTP method enabled
Outdated software/library versions
Presence of autocomplete functionality in form fields
Publicly accessible login panels
Jailbreak Detection or Root Detection in case of Mobile Applications
SSL Pinning in case of Mobile Applications
Android: Play Storecom.shaadi.android
iOS: App Storecom.shaadi.iphone
Out Of Scope
What to include in your report
A well written report will allow us to more quickly and accurately triage your submission. So please include:
A clear description of the issue, including the impact you believe it has to the user, Shaadi.com, others.Specific reproduction steps including the environment used for testing (browsers, devices, tools, configuration) and any accounts used during testing.
Your recommendations to resolve the issue.
You can email your report at email@example.com with the subject as "Bug Bounty" and your contact details mentioned in it.
All bounty amounts will be at the discretion of the Shaadi.com Bug Bounty team, which will be evaluated for severity, impact, and quality of the report to determine the bounty level. There could be submissions which we accept the risk and will not fix.
Leaks entire database in one go - High
Bounty of INR 15,000 + Certificate of Appreciation
Leaks contact details one by one through trial and error - Medium
Bounty of INR 10,000 + Certificate of appreciation
Leaks contacts of 'accepted' members without payment - Low
Bounty of INR 5,000 + Certificate of Appreciation
Shaadi.com reserves the right to modify terms and conditions of this program and your participation in the program constitutes acceptance of all terms. Please visit this webs site regularly as we routinely update our program terms and its eligibility, which will be effective upon posting. We reserve the right to cancel this program at any time without any notice any obligation or any liability to anyone.
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Thank you for helping keep People Interactive and our users safe!
We are Back! Our phone services have resumed and you can now call us between 10am - 7pm (IST). You may experience marginally longer wait times in this period, but that will be fixed soon. For Instant Support, we recommend that you connect with us on Chat & we will be there to assist you. #StrongerTogether