ABHAYASTRA Logo
Security Division

Responsible Disclosure Program

Last revised: June 30, 2026

1. Program Rules & Safe Harbor

We believe in coordination with independent security analysts. If you act in compliance with these guidelines while investigating systems vulnerabilities:

  • We will not initiate legal action or complain to regulatory agencies.
  • We will cooperate with you to verify and remediate bugs.
  • We will credit your security contribution inside our changelogs and update logs.

2. Reporting Requirements & Submission

If you identify a vulnerability in our Kotlin client app, signalling servers, or cloud storage blocks, please email a detailed report (including Proof of Concept scripts and step-by-step reproduction steps) to:

security@abhayastra.com

For sensitive disclosures, encrypt your email using our PGP public key (Key ID: 0xABHAYASTRA7A00).

3. Out of Scope Testing Activities

The following activities are strictly prohibited and fall outside of our Safe Harbor program:

  • Denial of Service (DoS/DDoS) attacks against routing nodes.
  • Social engineering or phishing of users, guardians, or developers.
  • Physical intrusion of storage offices or signaling datacenters.