Bug Bounty

Information security & management is a marathon, and we at INDmoney (“we”/ “us”) strive to ensure the safety & security of INDmoney customers through state-of-art processes, security frameworks, and regular audits. We also believe that a close partnership with security researchers on the latest trends to understand security threats and vulnerability identification creates a powerful ecosystem of security, making customers secure and confident to use the products and services along with all the impactful features.

Security researchers are part of our Tech ecosystem, helping us in tracking down the vulnerabilities that were missed or can be upgraded during the process of software development. If you are a security researcher who has found a vulnerability in any INDmoney product/platform - we would want to hear, learn and reward you.

Let the bug hunting begin!

How to report the bugs :

Submit the bugs by dropping an email at BugBounty@indmoney.com with detailed steps required to reproduce the vulnerability (Video & Screenshots). Note: Use Google Drive to share the Long Video POC. Don’t Use YouTube like Public Platforms.

Based on the severity, we will revert within 2-4 business days, and communicate whether the bug report was accepted/declined and the steps forward including the payment of the reward.

Scope of bug identification :

• indmoney.com and its sub-domains
• Apps: iOS & android
• API: indiawealth.in and its sub-domains
• cloud infrastructure platform

Guidelines

• Bug Bounty program is a private program and involves a lot of security frameworks to ensure proper management. Please take prior consent from INDmoney before disclosing the details outside of BugBounty@indmoney.com .
• You are at least 18 years old; and be the first to report the issue to us.
• Please ensure not to use open network ports, open services other than public HTTP Endpoints, etc. DoS and DDoS tests while identifying vulnerabilities.
• Do not have access to sensitive data or do not download /use data more than that is necessary in testing your vulnerability

Do not make any changes/modification without explicit prior permission of us

Reward Policy:

No effort should go without a reward. We love to reward security researchers in the form of Top US virtual stocks (Meta, Apple, Amazon, Tesla, etc.)*/equivalent cash awards along with a digital certificate of appreciation to showcase on your social network. There is more!! You may get chance to get listed on our esteemed Hall of Fame

We look forward to working with the security community to find vulnerabilities in order to keep our businesses and customers safe.

Note :- Bug bounty program is only for reporting security bugs which you may find on INDmoney platform. For reporting any generic/application related issue/s, please reach out to our Customer Service Team .