Security Policy

1. Scope

This policy applies to security issues affecting:

• lifefinetechnology.com and related subdomains operated by LifeFine Technology with technology support from Nexudo Tech Solutions
• Our public website, customer-facing forms, and authenticated staff/admin areas
• APIs and backend services that support our digital operations

Issues in third-party services (hosting providers, payment gateways, social media platforms) should be reported to those vendors directly, though you may copy us if the issue also affects our users.

2. How to Report

Please send vulnerability reports to [email protected] with the subject line Security Vulnerability Report. Reports are reviewed by Nexudo Tech Solutions on behalf of LifeFine Technology.

You may copy [email protected] or call +91-9790206905 for urgent business escalation when customer data may be actively at risk.

Reports may be submitted in English or Tamil. We aim to acknowledge receipt within 3 business days.

3. What to Include

To help us investigate quickly, please include:

• A clear description of the vulnerability and its potential impact
• Step-by-step instructions to reproduce the issue
• The affected URL, endpoint, or component
• Screenshots, logs, or proof-of-concept code where helpful
• Your contact details if you would like follow-up (optional)

Please do not include live customer data in your report. Use test accounts or redacted examples whenever possible.

4. Rules of Engagement

When testing, please:

• Act in good faith and avoid privacy violations, data destruction, or service disruption
• Do not access, modify, or delete data that does not belong to you
• Do not perform denial-of-service attacks, spam, or social engineering against our staff or customers
• Do not publicly disclose the issue until we have had a reasonable opportunity to fix it
• Limit automated scanning so it does not degrade site performance for other users

We will not pursue legal action against researchers who report vulnerabilities in accordance with this policy, provided their activities are limited to good-faith security research.

5. Out of Scope

The following are generally considered out of scope:

• Missing security headers or cookie flags without demonstrated exploitability
• Reports from automated scanners without manual validation
• Clickjacking on pages with no sensitive actions
• Self-XSS, logout CSRF, or issues requiring unlikely user interaction
• Physical security, social engineering, or attacks against our staff's personal accounts
• Spam, phishing, or malware distribution unrelated to our infrastructure
• Vulnerabilities in outdated browsers or third-party software we do not control

6. Our Commitment

When you report a valid security issue, we will:

• Acknowledge your report and assign it for review
• Work to verify, prioritize, and remediate confirmed vulnerabilities
• Keep you informed of significant progress where contact details were provided
• Credit researchers who wish to be acknowledged on our security acknowledgements page after coordinated disclosure

We do not currently offer a paid bug bounty program. Recognition is provided at our discretion for meaningful reports that help protect our customers and systems.

7. Coordinated Disclosure

We ask that you give us at least 90 days to investigate and resolve a confirmed issue before any public disclosure, unless we agree on a shorter timeline. If we cannot fix a critical issue within that period, we will communicate the status and expected resolution date.

8. Related Policies

For questions about how we handle personal data, see our Privacy Policy. For website usage terms, see our Terms and Conditions.

9. Contact

Security reports: [email protected] (Nexudo Tech Solutions)

Business escalation: [email protected] · +91-9790206905

LifeFine office: 13F/IV North St, Thruthuraipoondi, Tamil Nadu 614713, India

Technology partner: Nexudo Tech Solutions