Legal · Security
Last Updated · 18 · VII · MMXXVI
THE BLACK HOUSE

— Responsible Disclosure

Guard The House

A quiet invitation to security researchers. If you find something, tell us first — and we will listen carefully, respectfully, and act without delay.

Report A Vulnerability
§ 01

Our Commitment

The Black House values the security of our website, applications and customer information. If you discover a potential security vulnerability affecting theblackhouse.in or services operated by The Black House, we encourage responsible disclosure so that we can investigate and resolve the issue promptly.

§ 02

How To Report

Please email a detailed report to support@theblackhouse.in. Include your name, contact information, affected URL, reproduction steps, screenshots or videos, proof of concept where appropriate, and your assessment of the potential impact.

§ 03

Responsible Disclosure Guidelines

Researchers must act in good faith, avoid disrupting services, avoid accessing or modifying customer data, respect privacy, keep findings confidential until resolved, comply with applicable laws, and refrain from social engineering, phishing, denial-of-service attacks, malware, spam, or attempts to gain financial benefit from vulnerabilities. We request reasonable time to investigate and remediate issues before public disclosure.

§ 04

In Scope

theblackhouse.in, official subdomains operated by The Black House, future official mobile applications, APIs and systems directly managed by The Black House.

§ 05

Out Of Scope

Third-party services not controlled by The Black House, vulnerabilities without demonstrable security impact, UI or spelling issues, automated scanner reports without proof of concept, social engineering, physical attacks, denial-of-service testing, brute-force attacks, public information disclosures, browser-specific legacy issues and vulnerabilities requiring compromised devices.

§ 06

Recognition

The Black House currently does not operate a monetary bug bounty programme. We may, at our discretion, acknowledge responsible researchers or provide a certificate of appreciation after successful verification and remediation.

§ 07

Legal

Activities outside these guidelines may result in refusal of recognition and may be subject to applicable legal remedies. This policy does not authorize testing that violates law or infringes the rights of others.