Back to Operations Hub
Legal & Compliance

Vulnerability Disclosure & Bug Bounty Policy

Last compliance update: May 24, 2026 | Fully Reconciled

InvenIQ welcomes security researchers and ethical hackers to audit our cloud ledger servers, POS APIs, and dynamic dashboard webapps. We operate under strict Safe-Harbor terms to protect researchers who report security flaws.

Core Operational Compliance Guidelines:

Zero Disruption: Testing must not disrupt live merchant POS transactions, alter stock depletion counts, or extract sensitive customer PII logs.
Safe Harbor: We pledge not to initiate legal action against researchers who discover and report vulnerabilities in accordance with our ethical boundaries.
Disclosure Window: Security researchers must allow InvenIQ a 60-day private remediation window before publicly disclosing any vulnerability.
Bounty Program: Eligible high-severity vulnerabilities (SQLi, Auth Bypass, Remote Code Execution) qualify for recognition and rewards.

Statutory Legal Practise & Redressal Notice

Reporting Security Flaws: If you believe you have discovered a vulnerability, please encrypt your payload details and email them directly to our security coordinator, Suryansh, at suryansh.hq@gmail.com. We aim to acknowledge reports within 24 hours.

Official Grievance Desk:suryansh.hq@gmail.com
ISO 27001 RECONCILED