Security & Trust

Responsible Disclosure

Version: DISCLOSE-2026-07-08
Last updated: July 8, 2026.

1. Overview

TSP Scale takes the security of our platform and customer data seriously. If you believe you have found a security vulnerability in our service, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem. We appreciate researchers who act in good faith and provide sufficient time for investigation and remediation before public disclosure.

2. How to Report

Please submit your vulnerability report to: security@tspscale.in Include a detailed description of the vulnerability, steps to reproduce it, and any proof-of-concept code or screenshots. Do not include sensitive customer data in your report.

3. Scope

In-Scope: • Authentication/Authorization bypass • Cross-Site Scripting (XSS) • Cross-Site Request Forgery (CSRF) • SQL Injection (SQLi) • Server-Side Request Forgery (SSRF) Out-of-Scope: • Denial of Service (DoS) / DDoS attacks • Social engineering or phishing of our employees • Physical attacks against our offices or data centers • Vulnerabilities in third-party services not managed by TSP Scale

4. Expected Response

We will acknowledge receipt of your report within 48 hours. We will provide an estimated timeline for addressing the vulnerability and notify you when the issue is resolved.

5. Safe Harbor

If you conduct your security research and vulnerability disclosure in accordance with this policy, we will consider your actions authorized. We will not initiate legal action against you or ask law enforcement to investigate you.

6. Rules of Engagement

• Do not exploit a vulnerability further than necessary to establish its existence. • Do not intentionally degrade or disrupt our services (e.g., DoS). • Do not publicly disclose the vulnerability until we have resolved it. • Do not access, modify, or delete customer data.

© 2026 TSP Scale. All rights reserved.