General Rules - Do’s & Don’t
Do not launch Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
Automated tools or scripts are strictly prohibited.
Any POC submitted should have a proper step-by-step guide to reproduce the issue. As stated above, abuse of any vulnerability found shall be liable for legal penalties.
Make every effort to avoid - privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.
Do not attempt to gain access to any other person’s account, data or personal information.
Do use their real email address to report any vulnerability information to us.
Keep information about any vulnerabilities you have discovered confidential between yourself and Dharmag Sports. The Researcher shall not publicly disclose the bug or vulnerability on any online or physical platform before it is fixed and prior written approval to publicly disclose obtained from Dharmag Sports.
Do not use scanners or automated tools to find vulnerabilities.
As a security researcher, you represent and warrant that you have the right, title and interest to disclose any vulnerability found and to submit any information, including documents, codes, among others, in connection therewith. Once you inform a vulnerability, you grant Dharmag Sports, its subsidiaries and affiliates an irrevocable, worldwide, royalty-free, transferable, sublicensable right to use in any way Dharmag Sports deems appropriate for any purpose. Further, you hereby waive all other claims of any nature, including express contract, implied-in-fact contract, or quasi-contract, arising out of any disclosure accepted by Dharmag Sports.
Do not attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
How to report
The identified vulnerability should be reported to us by sending us a mail to dharmagsportspvtltd@gmail.com (Subject: Suspected Vulnerability at www.dharmagsports.com Website). The mail should follow the format below:
Individual Details:
Full Name
Mobile Number
Any Public profile (Twitter, LinkedIn, Github etc.)
Bug Details:
Name of the Vulnerability
Affected Application
Vulnerable Endpoint & Parameter
Impact
Detailed steps to reproduce
Remediation
Please keep your vulnerability reports current by sending us any new information as it becomes available. We may share your vulnerability reports with any affected partners, vendors or open-source projects.
Privacy Policy
The www.dharmagsports.com website (“Platform”) are made available to you by Dharmag sports (hereinafter may be referred to as the ‘Company’, ‘We’, ‘Us’, and ‘Our’). We respect your privacy and are committed to protecting it through compliance with this privacy policy (“Privacy Policy”/“Policy”). This Policy amongst other things describes: (i) the type of information that the Company may collect from you when you access or use its websites, applications and other online services (hereinafter collectively referred to as the ‘Services’); and, (ii) the Company’s practices for collecting, using, maintaining, protecting and disclosing that information.
We encourage you to read this Policy carefully to understand the Company's policies and practices regarding your information. By accessing or using Our Services and/or registering for an account with the Company, you expressly agree to be bound by the terms and conditions of this Privacy Policy and you are consenting to the Company's collection, use, disclosure and retention of your personal information as described here.
This Policy is incorporated into and subject to Our Terms and shall be read harmoniously and in conjunction with the Terms. All capitalized terms used and not defined in this Policy shall have the meaning ascribed to them under the Terms. This Policy is an electronic record under the Indian data privacy laws including the Information Technology Act, 2000 read with rules and regulations made thereunder and will not require any physical, electronic, or digital signature by the Company or You.
This Policy may change from time to time, your continued use of the Company's Services after it makes any change is deemed to be acceptance of those changes, so please check the Policy periodically for updates.
Applicability of the Policy
This Policy applies only to the information the Company collects through its Services, in email, text and other electronic communications sent through or in connection with its Services.
This Policy does not apply to the information that you provide to, or that is collected by, any third-party, that you use in connection with its Services. The Company encourages you to consult directly with such third-parties about their privacy practices.
Collection of the information
Some of Our Services may be used without revealing any personal information, and for other Services, personal information is required. We may also collect ‘Non-Personal Information’ (i.e., information that cannot be used to identify you). Non-Personal Information includes information like the web pages that you have viewed. In order to access certain features and benefits on Our Services, you may need to submit ‘Personally Identifiable Information’ i.e., information that can be used to identify you (as described below). Inaccurate information may affect your ability to use the Services, the information you receive when using the Services, and Our ability to contact you. For example, your email address and contact number should be kept valid because these may be the primary channels through which We communicate with you. You are responsible for ensuring the accuracy of the Personally Identifiable Information you submit to the Company.
The Company collects several types of information from and about users of Our Services, including: (i) Your Personal Information- Personal Information is the information that can be associated with a specific person and could be used to identify that specific person whether from that data, or from the data and other information that We have, or is likely to have access to. We do not consider personal information to include information that has been made anonymous or aggregated so that it can no longer be used to identify a specific person, whether in combination with other information or otherwise. Personally Identifiable Information can include, but not be limited to, information such as your name, email address, contact number (cellular and landline), educational qualification(s), occupation, date of birth, marital status, monthly income, city and state of residence, marital status, number of children, employer details, Aadhaar number, PAN, social security and tax identification numbers, and post-qualification or work experience among other things; and/or (ii) Information about your internet connection, the equipment you use to access Our Services and your usage details.
We may collect this information either (i) directly from you when you provide it to us; (ii) automatically as you navigate through Our Services (information collected automatically may include usage details, IP addresses and information collected through cookies, web beacons and other tracking technologies); and/or (iii) from any other source of information including from other third party sources, such as updated delivery and address information from Our carriers, which We use to correct Our records and deliver your next purchase more easily.
Information you provide to us.
Your account information: Your full name, email address, postal code, password and other information you may provide with your account, such as your gender, mobile phone number and website. Your profile picture (if any) that will be publicly displayed as part of your account profile. You may optionally provide Us with this information through third-party sign-in services such as Facebook and Google Plus. In such cases, We fetch and store whatever information is made available to Us by you through these sign-in services.
We use the information you provide to Us to analyse and enhance the functionality and improve the quality of Our Services, and to personalize your experience while using Our Services. We also use this information to display relevant advertising, provide support to you, communicate with you, and comply with Our legal obligations.
Information We may automatically collect include but may not be limited to the following.
We may automatically collect certain information about the computer or devices (including mobile devices) you use to access the Services, and about your use of the Services, even if you use the Services without registering or logging in.
Usage information: Details of your use of our Services, including traffic data, location data, logs and other communication data and the resources that you access and use on or through Our Services.
Use of the information
We use the information We collect from and about you for a variety of purposes, including to:
Purchase and delivery of products and services. We use your personal information to take, handle and fulfill orders, deliver products and services, process payments, and communicate with you about orders, products and services, and promotional offers.
Provide, troubleshoot, and improve the Services. We use your personal information to provide functionality, analyze performance, fix errors, and improve the usability and effectiveness of the Services.
Recommendations and personalization. We use your personal information to recommend features, products, and services that might be of interest to you, identify your preferences, and personalize your experience with the Services. We may also share your preferences or the Services availed by you with your network followers on the Company for marketing and other promotional activities of Our Services;
Comply with legal obligations. In certain cases, We collect and use your personal information to comply with laws. For instance, We collect from sellers information regarding place of establishment and bank account information for identity verification and other purposes.
Communicate with you. We use your personal information to communicate with you in relation to the Services via different channels (e.g., by phone, e-mail, chat).
Advertising. We use your personal information to display interest-based ads for features, products, and services that might be of interest to you. We do not use information that personally identifies you to display interest-based ads.
Fraud Prevention and Credit Risks. We use personal information to prevent and detect fraud and abuse in order to protect the security of Our users, the Company, and others. We may also use scoring methods to assess and manage credit risks.
To carry out Company’s obligations and enforcing rights arising from any contracts entered into between you and the Company, including for billing and collection.
Research. Generating and reviewing reports and data, and to conduct research on the Company’s user base and service usage patterns. To conduct research following internal review protocols to ensure the balancing of privacy and to use anonymized data for research. Use for internal purposes such as auditing. understand Our users (what they do on Our Services, what features they like, how they use them, etc.), improve the content and features of Our Services (such as by personalizing content to your interests), process and complete your transactions, and make special offers
To fulfil any other purpose for which you provide Us the information and/or for any other purpose with your consent.
Sharing of the information
We may disclose personal information that We collect or you provide, as described in this Privacy Policy, in the following ways:
General Information Disclosures
To Our holding companies, subsidiaries and affiliates, which are entities under common ownership or control of the Company.
To contractors, advertisers/service providers and other third-parties whom We use to support Our business (e.g. logistics and delivery, to collect payments) and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which We disclose it to them.
Security Precautions
We ensure to maintain reasonable physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access to your information and to maintain data security. These safeguards take into account the sensitivity of the information that We collect, process and store and the current state of technology. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once We receive it. The access to the Services is offered through the use of a secure server and adhere to Our security guidelines to protect it against unauthorized access. However, by using the Services, the users accept the inherent security implications of data transmission over the internet and the World Wide Web which cannot always be guaranteed as completely secure, and therefore, there would always remain certain inherent risks regarding use of the Services.