Responsible disclosure policy
In this policy, references to "Kriya", "us", "we" and "our" mean Kriya Finance Limited, a company incorporated and registered in England and Wales, with registered company number 07330525 and with a registered address at 48-50 Scrutton Street, London, England, EC2A 4XQ.
Kriya takes the protection and privacy of our customers' data very seriously, and it is our highest priority. We take the security of our systems extremely seriously, and we genuinely value the help of the security community in keeping all of our systems safe and secure. We therefore operate a responsible disclosure policy to allow you to quickly and effectively raise security concerns with the person who can address them.
If you believe you have identified a vulnerability, please read through the submission terms below and contact us. The terms below apply to any website, application or service distributed by or hosted by Kriya, or served under a domain owned by Kriya.
You can use our email address to alert us to:
- Vulnerabilities or breaches in our software or environments which threaten the confidentiality, integrity or availability of our data or our customers' data.
- Any "copycat" applications or phishing/vishing attacks against Kriya, our customers, contractors, or staff.
- Activity, discussion or data in any public forum which you believe constitutes a threat to Kriya or our customers.
We ask that you act responsibly and in the best interests of Kriya and our customers at all times.
- Do not put any Kriya or customer data at risk.
- Do not access, or attempt to access, data or information that does not belong to you.
- Please do not engage in any activity that may negatively affect Kriya or its customers.
- Do not break any laws or breach any agreements to discover vulnerabilities.
- Do not use social engineering techniques against our customers, contractors, or staff.
It is essential that your communication is a responsible disclosure, and not seen as an attack or extortion. Following the guidelines we have provided will help to ensure that. We act decisively on attacks and extortion attempts, including reporting them to the relevant authorities.
If you believe you've found a security vulnerability in one of our products or platforms, please report it by emailing our security team. By emailing or providing a disclosure to us, you agree to our Terms and Conditions and that we can use your submission and its contents to ensure the security, integrity and reliable operation of our technology and business.
Your submission should contain:
- Description of the location and potential impact of the vulnerability.
- Detailed steps to reproduce the issue.
- Any logs or other gathered materials which you have collected.
- Your name, role (if appropriate) and contact details.
We ask that you do not share an unresolved vulnerability with third parties or publicise it. If you responsibly submit a vulnerability report, we will make reasonable efforts to respond quickly.
We do not offer any financial rewards for submissions, but we are happy to thank every individual researcher who submits a vulnerability report that helps us improve our overall security. We will not name anyone without their prior consent.
We are actively working to put a bug bounty program in place which will facilitate and regulate financial rewards for disclosures, but at this time, we cannot provide any monetary rewards.
Submit a disclosure
Anyone can report an information security issue using our dedicated email address: firstname.lastname@example.org