Security & Bug Bounty

We take the security of our platform and your data very seriously.

🔒 Our Security Practices

HTTPS Everywhere

All data transmitted between your browser and our servers is encrypted using TLS 1.3 with HSTS preloading.

Security Headers

We enforce Content-Security-Policy, X-Frame-Options, X-XSS-Protection, and strict Referrer-Policy on every page.

Secure Authentication

We use Firebase Authentication with Google OAuth 2.0, magic links, and secure session cookies (HttpOnly, SameSite, Secure).

PCI-Compliant Payments

All payments are processed securely through Razorpay. We never store your card details on our servers.

Database Security

Our database is protected with Row Level Security (RLS) policies, ensuring users can only access their own data.

Email Security

Transactional emails are sent via Resend with SPF, DKIM, and DMARC authentication on our domain.

No Technology Fingerprinting

We disable the X-Powered-By header so that our responses do not advertise the technology stack behind the site.
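The transport, header, cookie and X-Powered-By practices above can be verified from a captured response rather than taken on trust. The following is an added example written for this page, not Krishna Naturals' own code: a small Node.js audit that checks one response's headers against exactly the controls listed here (HSTS with preload requirements, Content-Security-Policy, X-Frame-Options, X-XSS-Protection, a strict Referrer-Policy, no X-Powered-By, and HttpOnly/Secure/SameSite on every Set-Cookie). It assumes the headers arrive in the shape Node's `http` module produces (lowercase names, `set-cookie` as an array); the two sample responses at the bottom are constructed, not captured from any real server.

```javascript
// Added example (not the site's code): audit a captured HTTP response's headers
// against the practices listed on this page. Assumed input shape: Node's
// http.IncomingMessage.headers style, i.e. lowercase names, string values,
// and `set-cookie` as an array of strings.

const STRICT_REFERRER_POLICIES = new Set([
  'no-referrer',
  'same-origin',
  'strict-origin',
  'strict-origin-when-cross-origin',
]);

// Parse one Set-Cookie value into its name and the flags a session cookie needs.
function parseSetCookie(value) {
  const [nameValue, ...attrs] = value.split(';').map((s) => s.trim());
  const name = nameValue.split('=')[0];
  const flags = { httpOnly: false, secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, val] = attr.split('=');
    switch (key.toLowerCase()) {
      case 'httponly': flags.httpOnly = true; break;
      case 'secure': flags.secure = true; break;
      case 'samesite': flags.sameSite = (val || '').trim().toLowerCase(); break;
    }
  }
  return { name, flags };
}

// Parse Strict-Transport-Security into the three parts preloading depends on.
function parseHsts(value) {
  const out = { maxAge: 0, includeSubDomains: false, preload: false };
  for (const part of value.split(';').map((s) => s.trim().toLowerCase())) {
    if (part.startsWith('max-age=')) out.maxAge = parseInt(part.slice(8), 10) || 0;
    else if (part === 'includesubdomains') out.includeSubDomains = true;
    else if (part === 'preload') out.preload = true;
  }
  return out;
}

// Return a list of findings; an empty list means the response matches the policy.
function auditHeaders(headers) {
  const findings = [];
  const h = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));

  // The HSTS preload list requires max-age >= 1 year, includeSubDomains and preload.
  if (!h['strict-transport-security']) {
    findings.push('missing Strict-Transport-Security');
  } else {
    const hsts = parseHsts(h['strict-transport-security']);
    if (hsts.maxAge < 31536000) findings.push('HSTS max-age below one year');
    if (!hsts.includeSubDomains) findings.push('HSTS lacks includeSubDomains');
    if (!hsts.preload) findings.push('HSTS lacks preload');
  }

  if (!h['content-security-policy']) findings.push('missing Content-Security-Policy');

  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo !== 'DENY' && xfo !== 'SAMEORIGIN') findings.push('X-Frame-Options not DENY/SAMEORIGIN');

  // Current browsers ignore X-XSS-Protection; CSP is the effective XSS control,
  // but the page states the header is set, so its presence is checked here.
  if (!h['x-xss-protection']) findings.push('missing X-XSS-Protection');

  if (!STRICT_REFERRER_POLICIES.has((h['referrer-policy'] || '').toLowerCase())) {
    findings.push('Referrer-Policy missing or not strict');
  }

  if (h['x-powered-by']) findings.push('X-Powered-By reveals the tech stack');

  const cookies = [].concat(h['set-cookie'] || []);
  for (const c of cookies) {
    const { name, flags } = parseSetCookie(c);
    if (!flags.httpOnly) findings.push(`cookie ${name} lacks HttpOnly`);
    if (!flags.secure) findings.push(`cookie ${name} lacks Secure`);
    if (!flags.sameSite) findings.push(`cookie ${name} lacks SameSite`);
  }
  return findings;
}

// Constructed sample responses for illustration (not captured from any real server).
const HARDENED_RESPONSE = {
  'strict-transport-security': 'max-age=63072000; includeSubDomains; preload',
  'content-security-policy': "default-src 'self'",
  'x-frame-options': 'DENY',
  'x-xss-protection': '0',
  'referrer-policy': 'strict-origin-when-cross-origin',
  'set-cookie': ['__session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax'],
};

const WEAK_RESPONSE = {
  'strict-transport-security': 'max-age=300',
  'x-frame-options': 'ALLOWALL',
  'referrer-policy': 'unsafe-url',
  'x-powered-by': 'Express',
  'set-cookie': ['__session=abc123; Path=/'],
};

console.log('hardened:', auditHeaders(HARDENED_RESPONSE));
console.log('weak:', auditHeaders(WEAK_RESPONSE));
```

Run it with `node audit.js`; the hardened sample yields no findings, while the weak one reports eleven (three HSTS gaps, the four missing or lax headers, the X-Powered-By leak, and the three missing cookie flags). The same function can be pointed at a live response by passing `res.headers` from an `https.get` callback.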

🐛 Responsible Disclosure & Bug Bounty

We value the security community and encourage responsible disclosure of any vulnerabilities found on our platform. If you discover a security issue, we kindly ask you to follow our disclosure policy below.

In Scope

  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • SQL Injection & NoSQL Injection
  • Authentication / Authorization bypass
  • Server-Side Request Forgery (SSRF)
  • Insecure Direct Object References (IDOR)
  • Sensitive data exposure
  • Remote Code Execution (RCE)

Out of Scope

  • Rate limiting / brute force without demonstrable impact
  • Missing cookie flags on non-session cookies
  • Email spoofing / SPF / DKIM misconfigurations (report separately)
  • Denial of Service (DoS / DDoS) attacks
  • Social engineering attacks on employees
  • Physical security attacks

How to Report

Send your findings to:

security@krishnanaturals.co.in

Please include a detailed description, steps to reproduce, screenshots/video proof, and the potential impact of the vulnerability.

Our Commitment

  • We will acknowledge your report within 48 hours.
  • We will investigate and provide a timeline for resolution.
  • We will credit you publicly (with your permission) in our Security Hall of Fame.
  • We will not pursue legal action against researchers acting in good faith.
  • 🎁 Qualifying reports may be eligible for a reward at our discretion.

🏆 Security Hall of Fame

No reports yet. Be the first to responsibly disclose a vulnerability and get featured here!

Last updated: May 2026 • Krishna Naturals Security Team