Security & Responsible Disclosure Policy

How Raksham Labs handles cybersecurity practices, operational-security protections, vulnerability reporting, responsible disclosure, infrastructure safeguards, and security-related operational processes.

Last updated: 2026-05-11

1. Purpose

Raksham Labs is committed to maintaining commercially reasonable:

  • cybersecurity safeguards;
  • operational-security practices;
  • infrastructure protections;
  • access-control measures;
  • technical-security controls

across its:

  • products;
  • firmware;
  • software;
  • APIs;
  • telemetry systems;
  • dashboards;
  • communication systems;
  • embedded electronics;
  • operational infrastructure;
  • online services.

This Security & Responsible Disclosure Policy explains:

  • security-reporting procedures;
  • responsible disclosure expectations;
  • acceptable security-research conduct;
  • operational-security practices;
  • reporting workflows;
  • technical limitations;
  • security responsibilities.

2. Security approach

Raksham Labs implements commercially reasonable technical and organisational safeguards designed to support:

  • operational security;
  • infrastructure protection;
  • access control;
  • credential security;
  • secure communications;
  • service reliability;
  • lawful operational practices.

Security measures may include:

  • encrypted transport;
  • role-based access control;
  • credential-management safeguards;
  • infrastructure hardening;
  • audit logging;
  • access monitoring;
  • operational-security review;
  • abuse-prevention controls;
  • security-event monitoring.

Security controls, operational safeguards, infrastructure protections, APIs, dashboards, telemetry systems, and technical protections may evolve over time without notice.

While no system can guarantee absolute security, Raksham Labs continuously works to improve operational resilience, cybersecurity posture, and infrastructure protection.

Raksham Labs does not guarantee continuous monitoring of all systems or operational environments at all times.

3. Reporting security vulnerabilities

If you believe you have identified:

  • a security vulnerability;
  • an operational-security concern;
  • an exposed system;
  • a credential exposure;
  • an infrastructure issue;
  • a firmware-security issue;
  • an API vulnerability;
  • a telemetry-system issue;
  • a technical-security concern

please report it responsibly to:

security@rakshamlabs.com

Where reasonably possible, include:

  • affected system or product;
  • reproduction steps;
  • screenshots or logs;
  • proof-of-concept details;
  • severity assessment;
  • relevant technical information.

Reports should be submitted:

  • lawfully;
  • responsibly;
  • in good faith;
  • with reasonable technical detail sufficient for investigation.

Submission of a report does not guarantee:

  • acknowledgement;
  • remediation;
  • response timelines;
  • compensation;
  • operational disclosure.

4. Responsible disclosure expectations

Security researchers and reporters are expected to:

  • act lawfully;
  • avoid privacy violations;
  • avoid operational disruption;
  • avoid service degradation;
  • avoid destructive testing;
  • avoid data exfiltration;
  • avoid unlawful access;
  • avoid persistence mechanisms;
  • minimise operational impact.

Researchers are encouraged to provide a reasonable remediation period before any public disclosure of vulnerabilities.

Public disclosure may be coordinated with Raksham Labs where operationally appropriate.

Reported vulnerabilities, operational-security findings, technical-security concerns, remediation discussions, and related information may be treated as confidential security information.

Researchers must not:

  • exploit vulnerabilities for unlawful purposes;
  • publicly disclose vulnerabilities before a reasonable remediation opportunity;
  • access unrelated data;
  • intentionally disrupt systems or infrastructure;
  • perform denial-of-service attacks;
  • conduct social engineering attacks;
  • introduce malware or malicious payloads;
  • access accounts or systems without authorisation;
  • target customer systems or deployments;
  • interfere with third-party infrastructure;
  • perform unauthorised hardware tampering;
  • conduct physical intrusion attempts;
  • test manufacturing or supply-chain partners without written authorisation.

Unauthorised:

  • penetration testing;
  • stress testing;
  • load testing;
  • abusive automated scanning;
  • infrastructure disruption;
  • telemetry abuse;
  • RF disruption testing

is prohibited unless expressly authorised in writing by Raksham Labs.

Security protections, firmware-integrity mechanisms, infrastructure controls, operational safeguards, or protected technical systems may not be bypassed unlawfully.

Security research is conducted at the researcher's own risk.

5. Safe-harbour intent

Where security research is conducted:

  • lawfully;
  • responsibly;
  • in good faith;
  • in compliance with this Policy

Raksham Labs generally does not intend to pursue legal action solely for responsible disclosure activity.

This statement does not:

  • grant authorisation for unlawful access;
  • waive legal rights;
  • permit privacy violations;
  • permit operational disruption;
  • override applicable law;
  • authorise prohibited testing activity.

6. No bug bounty program

Unless expressly stated otherwise in writing, Raksham Labs does not currently operate:

  • a bug bounty program;
  • guaranteed vulnerability rewards;
  • guaranteed compensation programs.

Submission of a vulnerability report does not create entitlement to:

  • payment;
  • compensation;
  • employment;
  • partnership;
  • ongoing access;
  • commercial relationship.

7. Operational-security restrictions

Security research must not:

  • interfere with operational infrastructure;
  • compromise user privacy;
  • affect product reliability;
  • disrupt telemetry systems;
  • disrupt APIs or dashboards;
  • affect service availability;
  • interfere with operational-security systems;
  • impact third-party systems.

Testing involving:

  • radio-frequency systems;
  • telemetry infrastructure;
  • communication systems;
  • embedded electronics;
  • firmware systems

must comply with applicable:

  • telecom laws;
  • cybersecurity regulations;
  • radio-frequency restrictions;
  • operational-security obligations;
  • export-control restrictions.

Products, APIs, telemetry systems, dashboards, infrastructure systems, or operational environments may not be used for:

  • unlawful RF interference;
  • signal disruption;
  • unlawful interception;
  • prohibited surveillance activity.

8. Third-party systems and dependencies

Certain:

  • APIs;
  • dashboards;
  • telemetry systems;
  • communication systems;
  • infrastructure services;
  • cloud systems

may depend on third-party providers or infrastructure systems.

Raksham Labs is not responsible for:

  • third-party infrastructure availability;
  • third-party vulnerabilities;
  • third-party outages;
  • third-party operational-security practices;
  • third-party compatibility limitations.

Third-party providers maintain their own independent:

  • security practices;
  • operational procedures;
  • privacy controls

governed by their respective policies.

Certain vulnerabilities, operational-security issues, or infrastructure incidents may require coordination with third-party providers for remediation or mitigation.

9. Security updates and remediation

Raksham Labs may:

  • investigate reported issues;
  • deploy mitigations;
  • modify infrastructure;
  • restrict access;
  • suspend operational systems;
  • suspend APIs;
  • suspend dashboards;
  • suspend telemetry services;
  • update firmware;
  • modify APIs or dashboards

where operationally necessary.

Operational access, infrastructure systems, APIs, dashboards, telemetry systems, or firmware services may be restricted during active:

  • cybersecurity incidents;
  • infrastructure-security events;
  • operational-security investigations;
  • compliance incidents.

Security updates, firmware modifications, infrastructure protections, compatibility requirements, or operational safeguards may:

  • modify functionality;
  • affect compatibility;
  • change operational behaviour;
  • restrict technical access.

Raksham Labs does not guarantee:

  • permanent backward compatibility;
  • uninterrupted service availability;
  • continuous feature availability;
  • uninterrupted API availability;
  • uninterrupted telemetry access;
  • continuous firmware support.

Features, firmware versions, APIs, dashboards, telemetry systems, infrastructure systems, or technical capabilities may be:

  • modified;
  • deprecated;
  • discontinued;
  • regionally restricted

over time.

10. Export-control and lawful-use compliance

Security research, technical access, operational interaction, firmware analysis, infrastructure interaction, and testing activity must comply with:

  • export-control laws;
  • sanctions regulations;
  • cybersecurity laws;
  • telecom regulations;
  • privacy obligations;
  • operational-security requirements.

Products, systems, APIs, dashboards, telemetry systems, firmware, or operational services may not be used for:

  • unlawful surveillance;
  • unlawful interception;
  • cybercrime;
  • export-control violations;
  • prohibited operational activity;
  • unlawful intelligence gathering.

Additional obligations are described in our Export Compliance Policy.

11. Logging, monitoring, and investigation

Operational activity, infrastructure interaction, telemetry interaction, security events, API access, technical-access activity, or dashboard interaction may be logged for:

  • cybersecurity purposes;
  • operational-security monitoring;
  • abuse prevention;
  • fraud prevention;
  • infrastructure protection;
  • lawful compliance purposes.

Raksham Labs reserves the right to:

  • investigate suspected abuse;
  • investigate operational-security concerns;
  • restrict technical access;
  • suspend operational access;
  • suspend services;
  • block abusive activity;
  • cooperate with lawful investigations.

Users remain responsible for securing:

  • operational environments;
  • credentials;
  • authentication systems;
  • deployment infrastructure;
  • local networks;
  • API keys;
  • operational-access systems.

12. Limitation of liability

Raksham Labs shall not be liable for:

  • independent security-research activity;
  • misuse of disclosed information;
  • third-party infrastructure failures;
  • operational interruption;
  • compatibility impacts resulting from security updates;
  • unauthorised testing activity;
  • prohibited operational activity;
  • infrastructure misuse.

13. No waiver and severability

Failure to enforce any provision of this Policy shall not constitute waiver of rights.

If any provision is determined unenforceable, remaining provisions remain in full force and effect.

14. Relationship with other policies

This Policy operates together with:

Nothing in this Policy creates:

  • partnership;
  • agency relationship;
  • representative arrangement;
  • joint venture

between Raksham Labs and any third party.

15. Changes to this Policy

Raksham Labs may update this Security & Responsible Disclosure Policy periodically to reflect:

  • operational developments;
  • infrastructure changes;
  • cybersecurity practices;
  • legal obligations;
  • product evolution;
  • operational-security requirements.

Updated versions become effective upon publication.

English-language versions shall control in the event of translation inconsistencies or interpretation conflict.

16. Governing law and jurisdiction

This Policy is governed by the laws of India.

Subject to applicable law, disputes relating to this Policy shall fall under the jurisdiction of courts located in Prayagraj, Uttar Pradesh, India.

17. Contact

Security reports and responsible disclosure enquiries: security@rakshamlabs.com.

General enquiries: hello@rakshamlabs.com or through the contact page.