Vulnerability Disclosure Policy
Last updated: July 4, 2026
Quantamsecure Private Limited builds security products, and we hold ourselves to the standard we ask of our customers. If you believe you have found a security vulnerability in any Knowspams website, application or service, we want to hear from you — and we will work with you to resolve it quickly.
How to report
Email support@knowspams.com with as much of the following as you can:
- The affected URL, endpoint or product area
- Steps to reproduce the issue (proof-of-concept requests, screenshots or scripts)
- The impact you believe the issue has
- Your name or handle, if you would like public credit
Our machine-readable contact details are published at /.well-known/security.txt (RFC 9116).
What you can expect from us
- Acknowledgement of your report within 3 business days
- An assessment and expected remediation timeline within 10 business days
- Updates as we work on a fix, and confirmation when it ships
- Public credit for your finding, if you want it — we will not name you without your consent
- No legal action against research conducted in good faith under this policy
Ground rules for researchers
To keep testing safe for our customers and lawful for you, we ask that you:
- Act in good faith: avoid privacy violations, data destruction, and degradation of our services
- Access only the minimum data needed to demonstrate the issue — never view, alter or exfiltrate other users' data
- Do not run denial-of-service, spam or brute-force attacks
- Do not use social engineering, phishing or physical attacks against our staff, customers or infrastructure
- Give us reasonable time to remediate before disclosing anything publicly
Out of scope
- Findings on third-party services we use (report those to the vendor concerned)
- Missing security headers or best-practice flags without a demonstrable exploit
- Reports from automated scanners with no verified impact
- Clickjacking on pages with no sensitive actions
We do not currently operate a paid bug-bounty programme, but we deeply appreciate responsible disclosure and will acknowledge meaningful findings.