Security & Responsible Disclosure
Last updated: 11 June 2026
1. Our Commitment
We take the security of this website and the personal data entrusted to us seriously. All traffic is encrypted in transit (TLS with HSTS), access to stored data is restricted by row-level security and role-based authentication, form submissions are verified and rate-limited, and analytics run only with your consent. We keep our software dependencies patched and review the site’s security posture regularly.
2. Reporting a Vulnerability
If you believe you have found a security vulnerability on this site, we would be grateful for a responsible report. Please email info@mcbee.in with:
- A description of the issue and where you found it (URL, parameter, or endpoint).
- Steps to reproduce it, including any relevant request/response details.
- The potential impact, as you understand it.
- A way to reach you for follow-up questions (and credit, if you would like it).
Machine-readable contact details are published at /.well-known/security.txt (RFC 9116).
3. What We Ask of Researchers
- Give us a reasonable opportunity to investigate and fix the issue before any public disclosure.
- Do not access, modify, or delete data that is not your own; use test data wherever possible.
- Do not run denial-of-service, spam, or social-engineering attacks against the site, our team, or our visitors.
- Do not pivot from this website into any connected system beyond what is needed to demonstrate the issue.
- Act in good faith and within applicable law, including the (Indian) Information Technology Act, 2000.
4. What You Can Expect From Us
- An acknowledgement of your report within 72 hours.
- An honest assessment of the issue and our intended timeline for a fix.
- No legal action against good-faith research conducted within the guidelines above.
- Credit for the find, if you would like it, once the issue is resolved.
We do not currently operate a paid bug-bounty programme; reports are handled on a good-faith, best-effort basis.
5. Scope
This policy covers the website at mcbee.in and its subdomains. Third-party services we integrate with (for example our hosting, database, e-mail, and analytics providers) operate their own security programmes — issues in those platforms should be reported to the respective vendor.
6. Personal-Data Incidents
If a confirmed vulnerability has exposed personal data, we will assess and act on our notification obligations under the Digital Personal Data Protection Act, 2023 and, where applicable, the GDPR. Privacy-specific concerns can also be raised through our grievance process or the data-request form.