ForensicSpot

Trust

Security

Last updated: 29 April 2026

01.Our approach

ForensicSpot takes the security of your account and your data seriously. We follow standard industry practices around authentication, encryption, and access control, and we keep our internal procedures continually under review.

We deliberately keep the specifics of those procedures private — publishing a detailed breakdown of how the platform is hardened would help anyone trying to find a way around it. If you are a security researcher and you need scope information for a good-faith test, the disclosure path below covers it.

02.What we do, in plain English

  • Encryption everywhere. Your connection to ForensicSpot is always over HTTPS. Your data is encrypted at rest.
  • Passwords stay yours. We never see your password in plaintext — it is hashed by our authentication provider before it leaves your browser.
  • Payments through Razorpay. We never see or store your card or UPI details. Razorpay handles the payment on their PCI-DSS-certified infrastructure.
  • Independent vendors for the parts we shouldn't do ourselves. Authentication and payments are handled by purpose-built providers, not by code we wrote.
  • Continuous monitoring. We watch for unusual patterns and respond to incidents quickly.

03.What you can do

  • Use a strong, unique password — one you don't use anywhere else.
  • Sign out on shared devices.
  • If something looks wrong (an email you didn't expect, a purchase you didn't make, a sign-in you don't recognise) tell us right away at hello@forensicspot.com.

04.Reporting a vulnerability

If you have found what you believe is a security vulnerability on ForensicSpot, please write to security@forensicspot.com with:

  • A clear description of the issue
  • How to reproduce it
  • The impact you believe it has

We acknowledge every credible report within 2 business days, and aim to resolve confirmed issues quickly based on severity. Please give us a reasonable window to fix the issue before disclosing it publicly.

We will not pursue legal action against good-faith researchers who:

  • Stop testing the moment they have confirmed the issue
  • Avoid privacy violations and don't access more user data than necessary to demonstrate impact
  • Don't degrade the service for other users (no DoS, no destructive testing)
  • Report the issue to us privately first

05.Contact

Vulnerability reports: security@forensicspot.com

Account or general security questions: hello@forensicspot.com

Other policies