Security Vulnerability Disclosure Policy
At UXcue, we value the efforts of security researchers who help us keep our platform secure.
If you believe you have discovered a security vulnerability affecting our services, we encourage
you
to report it responsibly.
How to Report a Vulnerability
Please include as much information as possible, including:
- Description of the vulnerability
- Affected URL(s), endpoint(s), or service(s)
- Steps required to reproduce the issue
- Proof of concept or screenshots (if applicable)
- Your contact information for follow-up questions
Responsible Disclosure Guidelines
We ask that you:
- Act in good faith and avoid violating the privacy of our users.
- Do not access, modify, or delete customer data.
- Avoid actions that could disrupt or degrade our services.
- Do not perform denial-of-service (DoS/DDoS) attacks.
- Give us a reasonable opportunity to investigate and resolve the issue before public
disclosure.
Our Commitment
When you report a legitimate security issue, we will:
- Acknowledge receipt of your report.
- Review and investigate the issue promptly.
- Keep you informed of significant progress where appropriate.
- Work to resolve confirmed vulnerabilities in a timely manner.
Scope
This policy applies to services owned and operated by UXcue, including:
- UXcue.co.in
- castlestack.uxcue.co.in
- prism.uxcue.co.in
- rtls.uxcue.co.in
- Official APIs api.uxcue.co.in
- Official web applications
Out of Scope
The following activities are outside the scope of this policy:
- Social engineering or phishing attacks
- Physical attacks against infrastructure
- Spam or email abuse
- Denial-of-service attacks
- Automated scanning without evidence of an exploitable vulnerability
- Reports involving vulnerabilities in third-party services outside our control
Bug Bounty
UXcue currently does not operate a public bug bounty program.
Responsible disclosure is appreciated, but financial rewards are not guaranteed.
Legal Safe Harbor
We will not pursue legal action against researchers who make a good-faith effort to comply with
this policy,
avoid harming users or systems, and promptly report discovered vulnerabilities to us.
Last updated: July 2026