Login/Signup

Security Policy

1. Information

It’s important that RingMoney [RingMoney is a brand and trademark of Dakah Global Private Limited] can be contacted quickly and effectively regarding any security concerns or information relevant to the confidentiality, integrity, or availability of our systems, customers, and service partners.

We operate this responsible disclosure (bug bounty) policy to help security professionals and researchers alert us of any security concerns as quickly as possible and with minimal hassle.

2. Response Targets

RingMoney will make reasonable efforts to respond in a timely manner to any valid security submissions. We will:

  • Acknowledge your submission promptly.
  • Keep you informed of progress throughout the process.
  • Alert you if there are any delays in resolution.

3. Disclosure Policy

Please always act responsibly and in the best interests of RingMoney and our customers. In particular, please:

  • Do not break the law.
  • Do not use social engineering techniques, phishing, or physical attacks against our customers, infrastructure, or staff.
  • Do not perform any attack that could harm the reliability, confidentiality, or integrity of our systems, services, or data. (e.g., DoS or spam attacks are strictly prohibited).
  • Do not put any RingMoney or customer data at risk.
  • Do not make the bug public before it has been fixed.

When in doubt, please email us at [Input Needed – e.g., security@ringmoney.com].

When reporting an issue, please:

  • Be specific and detailed.
  • Highlight if the issue lies within third-party apps or integrations with RingMoney.
  • Provide a complete and secure submission (mask or encrypt sensitive data if necessary).
  • Reference existing vulnerability information if relevant.

Out-of-Scope areas and exceptions include:

  • DoS or DDoS attacks.
  • Destructive or performance-impacting tests.
  • Social engineering or phishing.
  • TLS configuration weaknesses or certificate issues.
  • Reports about missing security headers or “best practice” misalignments without direct exploitability.
  • Simple rate-limiting issues without real security impact.
  • Automated scanner output without actionable context.
  • Non-exploitable vulnerabilities.
  • Issues not pertaining to RingMoney assets.
  • Following these guidelines ensures your submission is treated as responsible disclosure and not an attack or extortion attempt.

4. Rewards

  • All confirmed vulnerabilities will be reviewed and may be awarded a bounty based on severity, business impact, and ease of exploit.
  • RingMoney’s internal security team will assess each submission individually.
  • We do not guarantee rewards for every submission. The decision on severity and reward amount (if any) will be final.

To be eligible for a reward, you must follow the rules in Section 5 below.

5. Rules

By submitting a report, you agree to comply with the following:

  • RingMoney’s Terms of Use and Privacy Policy.
  • Applicable sections of our Terms & Conditions and regulatory requirements.
  • Upon RingMoney’s request, you may be required to sign:
    • A Non-Disclosure Agreement (NDA), and
    • A Letter of Undertaking, confirming you have not downloaded, copied, or shared any sensitive information, and will not do so in the future.

Your submission should include:

  • A clear description and evidence of the vulnerability (screenshots, logs, response samples).
  • Detailed steps to reproduce the issue.
  • Platforms, operating systems, versions relevant to the bug.
  • IP addresses or URLs affected.
  • Any supporting evidence (logging, tracing, packet captures, etc.).
  • Your assessment of exploitability or impact.
  • Your name, role (if appropriate), and contact details.

Please preserve as much evidence as possible, as we may require it during verification.

We reserve the right to consider certain systems or subsites ineligible for bounty consideration.

6. Safe Harbour

Activities conducted in good faith and in line with this policy will not trigger legal action from RingMoney.

If a third party initiates legal action against you in connection with activities consistent with this policy, we will make it clear that your actions were conducted responsibly under this disclosure program.

7. Confidentiality

All non-public information about RingMoney’s systems, customers, or staff that comes into your possession during research must be treated as strictly confidential.

  • Such information must only be used for reporting to RingMoney.
  • Any unauthorized disclosure could harm our customers and business.
  • Making RingMoney’s confidential information public will be treated as a breach of this policy.

8. Submission

Please submit your findings to: hello@ringmoney.in

This policy exists entirely at our discretion and may be modified or cancelled at any time.

🙏 Thank you for helping keep RingMoney and our users safe!