Security Division
Responsible Disclosure Program
Last revised: June 30, 2026
1. Program Rules & Safe Harbor
We believe in coordination with independent security analysts. If you act in compliance with these guidelines while investigating systems vulnerabilities:
- We will not initiate legal action or complain to regulatory agencies.
- We will cooperate with you to verify and remediate bugs.
- We will credit your security contribution inside our changelogs and update logs.
2. Reporting Requirements & Submission
If you identify a vulnerability in our Kotlin client app, signalling servers, or cloud storage blocks, please email a detailed report (including Proof of Concept scripts and step-by-step reproduction steps) to:
security@abhayastra.com
For sensitive disclosures, encrypt your email using our PGP public key (Key ID: 0xABHAYASTRA7A00).
3. Out of Scope Testing Activities
The following activities are strictly prohibited and fall outside of our Safe Harbor program:
- Denial of Service (DoS/DDoS) attacks against routing nodes.
- Social engineering or phishing of users, guardians, or developers.
- Physical intrusion of storage offices or signaling datacenters.