Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

deny icon
Deny
allow icon
Accept

Responsible disclosure policy

In this policy, references to "Kriya","us", "we" and "our" mean Kriya Finance Limited, a company incorporated and registered in England and Wales, with registered company number 07330525 and with a registered address at 48-50 Scrutton Street,London, England, EC2A 4XQ.

Values

Kriya takes the protection and privacy of our customers' data very seriously, and it is our highest priority. We, therefore, take the security of our systems extremely seriously, and we genuinely value the assistance of the security community in assisting us to keep all of our systems safe and secure. We therefore operate a responsible disclosure policy to allow you to quickly and effectively raise security concerns with the person who can address them.

Policy

If you believe you have identified a vulnerability, please read through the submission terms below and contact us. The terms below apply to any website, application or service distributed by or hosted by Kriya, or served under a domain owned by Kriya.

You can use our email address to alert us to:

  • Vulnerabilities or breaches in our software or environments which threaten the confidentiality, integrity or availability of our data or our customers' data.
  • Any "copycat" applications or phishing/vishing attacks against Kriya, our customers, contractors, or staff.
  • Activity, discussion or data in any public forum which you believe constitutes a threat to Kriya or our customers.

Responsibilities

We ask that you act responsibly and in the best interests of Kriya and our customers at all times.

  • Do not put any Kriya or customer data at risk.
  • Do not access, or attempt to access, data or information that does not belong to you.
  • Please do not engage in any activity that may negatively affect Kriya or its customers.
  • Do not break any laws or breach any agreements to discover vulnerabilities.
  • Do not use social engineering techniques against our customers, contractors, or staff.

It is essential that your communication is a responsible disclosure, and not seen as an attack or extortion. Following the guidelines we have provided will help to ensure that. We act decisively on attacks and extortion attempts, including reporting them to the relevant authorities.

Disclosure

If you believe you've found a security vulnerability in one of our products or platforms, please report it by emailing our security team. By emailing or providing a disclosure to us, you agree to our Terms and Conditions and that we can use your submission and its contents to ensure the security, integrity and reliable operation of our technology and business.

Your submission should contain:

  • Description of the location and potential impact of the vulnerability.
  • Detailed steps to reproduce the issue.
  • Any logs or other gathered materials which you have collected.
  • Your name, role (if appropriate) and contact details.

Response

Commitment

We ask that you do not share or publicise an unresolved vulnerability with/to third parties. If you responsibly submit a vulnerability report, we will make reasonable efforts to respond quickly.

Recognition

We do not offer any financial rewards for submissions, but we are happy to thank every individual researcher who submits a vulnerability report that helps us improve our overall security. We will not name anyone without their prior consent.

We are actively working to put a bug bounty program in place which will facilitate and regulate financial rewards for disclosures, but at this time, we cannot provide any monetary rewards.

Submit a disclosure

Anyone can report an information security issue using our dedicated email address: disclosure@kriya.co