Security Policy

At Agochar, security is a fundamental priority. We are committed to protecting the data and systems entrusted to us by our clients, partners, and users. This Security Policy outlines our approach to information security and our expectations for responsible disclosure of vulnerabilities.

Our Security Commitment

Agochar Tech LLP implements industry-standard security measures to protect all data processed through our systems and services. We continuously work to improve our security posture and maintain compliance with relevant standards.

Security Practices

Our security program includes:

• Encryption: All data in transit is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted using AES-256.
• Access Control: Strict role-based access controls (RBAC) limit data access to authorized personnel only.
• Infrastructure Security: Our systems are hosted on secure, SOC 2 compliant cloud infrastructure with regular security audits.
• Code Security: All code undergoes security review and automated vulnerability scanning before deployment.
• Employee Training: All team members receive regular security awareness training.
• Incident Response: We maintain a documented incident response plan with defined escalation procedures.

Vulnerability Disclosure Program

We welcome security researchers and users to report potential vulnerabilities in our systems. We are committed to working with the security community to verify and address any issues responsibly.

Reporting a Vulnerability

If you believe you have discovered a security vulnerability, please report it to us by:

• Email: security@agochar.com
• Alternative: hello@agochar.com (mark as Security in subject)

What to Include

Please provide the following information in your report:

• Description of the vulnerability and its potential impact
• Steps to reproduce the issue
• Affected URLs, parameters, or components
• Proof-of-concept code or screenshots (if applicable)
• Your recommended remediation (optional)

Our Response

When you submit a vulnerability report, we commit to:

• Acknowledging receipt of your report within 48 hours
• Providing an initial assessment within 7 business days
• Keeping you informed of our progress
• Notifying you when the vulnerability is fixed
• Recognizing your contribution (if desired) on our acknowledgments page

Responsible Disclosure Guidelines

We ask that security researchers:

• Give us reasonable time to investigate and address the issue before public disclosure
• Avoid accessing or modifying data belonging to other users
• Do not perform actions that could impact service availability
• Do not use automated scanning tools that generate excessive traffic
• Act in good faith and avoid violating privacy or destroying data

Scope

This policy applies to:

• The main website: agochar.com
• Client-facing applications and APIs
• Associated subdomains

The following are out of scope:

• Social engineering attacks
• Physical security testing
• Third-party services we use but do not control
• Denial of Service (DoS/DDoS) attacks

Safe Harbor

We consider security research conducted in accordance with this policy to be authorized and will not pursue legal action against researchers who follow these guidelines. We will work with you to understand and resolve the issue quickly.

Compliance

Agochar maintains security practices aligned with industry standards including:

• OWASP Security Guidelines
• GDPR data protection requirements
• Industry best practices for secure software development

Contact

For security-related inquiries or to report a vulnerability:

• Security Team: security@agochar.com
• General Contact: hello@agochar.com
• Phone: +91 8488010818

This policy may be updated from time to time. Please check back periodically for any changes.