1. Purpose
This Security Policy outlines how ACPL manages vulnerability disclosures, security communications, and
researcher engagement. Our goal is to protect users, data, and services by encouraging responsible reporting and
timely remediation of security issues.
2. Scope
This policy applies to:
- All ACPL web properties, including www.acpl.in.net.
- Associated APIs, applications, and services hosted under the ACPL domain.
- Any third-party integrations where ACPL is the data controller.
3. Reporting Vulnerabilities
We encourage security researchers to report vulnerabilities responsibly.
Primary Contact:
Email: ketan@acpl.in.net
Preferred Languages: English, Hindi
4. Disclosure Guidelines
- Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue.
- Do not access, modify, or delete data belonging to others.
- Do not disrupt services or perform denial-of-service testing.
- Provide clear, reproducible steps when reporting.
5. Our Commitment
- We will acknowledge receipt of your report within 72 hours.
- We will provide updates on remediation progress.
- We will notify you when the issue is resolved.
- If applicable, we may publicly credit researchers (with consent) on our Acknowledgments page.
6. Safe Harbor
Researchers acting in good faith under this policy will not face legal action from ACPL.
We consider vulnerability research and reporting within these guidelines to be authorized.
7. Policy Updates
This policy is reviewed annually and updated as needed.
Effective Date: February 2026
Next Review Date: February 2027
