How to report security vulnerabilities and help us keep Fininvo secure for everyone
February 28, 2026
March 1, 2026
1.0
Never exploit vulnerabilities beyond what is necessary to demonstrate the issue.
This Responsible Disclosure Policy is published by Fininvo, a trade name of Prashbi Global Services Pvt. Ltd., a company incorporated under the laws of India (CIN: U52100KA2020PTC133490), with its registered office at Tholons Tower, 346 HIG, 17th Cross Rd, Dollars Colony, R.M.V. 2nd Stage, Bengaluru, Karnataka 560094, India. References to "Fininvo", "we", "us", or "our" in this document refer to Prashbi Global Services Pvt. Ltd..
At Fininvo, security is a top priority. We recognize that the security research community plays a vital role in helping us maintain the security and integrity of our platform. We welcome and encourage responsible security research conducted in good faith.
This Responsible Disclosure Policy outlines the guidelines for security researchers to report vulnerabilities, how we handle reports, and the protections we offer to researchers who follow these guidelines.
Our Commitment: We are committed to working collaboratively with the security community to address vulnerabilities promptly and transparently, keeping our platform secure for all users.
Please send vulnerability reports to security@fininvo.com. Encrypt sensitive reports using our PGP key, available upon request.
A clear and detailed description of the vulnerability, including the type and potential impact.
Step-by-step instructions to reproduce the vulnerability, including URLs, parameters, and payloads.
Your assessment of the severity and potential impact of the vulnerability on users or data.
Your name and email address so we can follow up, coordinate disclosure, and credit your work.
PGP Encryption: For sensitive vulnerability reports, we strongly recommend encrypting your email. Request our PGP public key by emailing security@fininvo.com with the subject "PGP Key Request."
When conducting security research in accordance with this policy, we consider your research to be authorized and will not initiate legal action against you. Specifically:
Good Faith Requirement: Safe harbor applies only to researchers who make a genuine effort to avoid privacy violations, service disruption, data destruction, and degradation of user experience during their testing.
We are committed to responding to vulnerability reports promptly and keeping researchers informed throughout the process.
We will confirm receipt of your report and assign a tracking ID.
Our security team will perform an initial triage and severity assessment.
We will keep you informed of progress and any questions during investigation.
We aim to fix and deploy patches before coordinated public disclosure.
We value the contributions of security researchers and believe in recognizing their efforts to make Fininvo more secure.
Public acknowledgment on our security page (with your permission)
Exclusive Fininvo merchandise for qualifying vulnerability reports
Recognition level based on vulnerability severity and impact
To ensure the safety and security of our users and systems, all security researchers must adhere to the following rules when conducting testing:
Do not access, download, or retain any user data beyond what is strictly necessary to demonstrate the vulnerability.
Do not perform any testing that could degrade, disrupt, or damage our services or infrastructure.
Do not access other users' accounts or data. Use only accounts you own or have explicit authorization to test.
If you discover sensitive data during testing, stop immediately, do not save any data, and report the finding right away.
Security Team
security@fininvo.comPGP Key
Available upon request
Registered Office
Prashbi Global Services Pvt. Ltd.
Tholons Tower, 346 HIG, 17th Cross Rd, Dollars Colony,
R.M.V. 2nd Stage, Bengaluru, Karnataka 560094, India
CIN
U52100KA2020PTC133490