Authorized PartnerFree DiagnosisGenuine PartsSame-day Service
Authorized PartnerFree DiagnosisGenuine PartsSame-day Service
f1-logo
f1-logo
Home
About Us
Services
Mobile RepairLaptop RepairOthers
Store Locator
Authorized Brands

Mobile

Google
Samsung
Realme
Nothing
Apple

Laptops

Asus
Acer
Partner With Us
Contact Us

SECURITY

Jeeves Responsible Disclosure Policy

Jeeves (A Flipkart Company) is a tech-enabled after-sales service entity. It specializes in providing comprehensive installation, maintenance, and repair services for a wide range of consumer electronics and appliances purchased on Flipkart, enhancing the customer experience. Jeeves plays a crucial role in ensuring customer satisfaction by offering hassle-free support and assistance for products sold on Flipkart's platform. Jeeves takes the security of our systems and services very seriously, and it is our constant effort to make our services secure and keep our customer data very safe.

How To Report An Issue?

At present, our Bug Bounty Program is private and works on an invitation-only basis. If you are not invited to our program but think you have discovered a valid in scope vulnerability, Please report it to us via the submission form available here or mail it to security@flipkart.com. Once we receive your submission, the team will investigate your report and work with you to understand and remediate the vulnerability. Meantime, please don't discuss or disclose the vulnerability details until we close the report.

Thank you for keeping Jeeves and our customers safe.

Out-Of-Scope Vulnerabilities

  • Must demonstrate security impact for the report to be considered - general software bugs (like SSL, older versions etc.) are not in scope for this program
  • Username Enumeration via signup and account recovery forms
  • Findings with no Significant Impact and Risk
  • Vulnerabilities regarding SPF/DMARC/DKIM records without verifiable proof of spoofing to a major mail client
  • Best practices concerns like forcing SSL or SSL/TLS configuration, missing security headers, etc.
  • Vulnerabilities reported by automated tools and scanners without additional proof of concept
  • Vulnerabilities that only affect outdated app versions or browsers
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • Exploits that need MITM or physical access to the victim's device
  • Clickjacking on pages with no sensitive actions
  • Unauthenticated/logout/login CSRF
  • Previously known vulnerable libraries without a working Proof of Concept
  • Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS
  • Most of the open redirect vulnerabilities have low security impact. In case, the impact is high, do let us know
  • Stack traces, directory listings or path disclosures
  • Self XSS
  • Social engineering attacks, both against users or Flipkart employees
  • Issues related to delivery charges exception on return

Out-Of-Scope Vulnerabilities For Android/iOS

  • Exploits reproducible only on rooted/jailbroken devices
  • Absence of certificate pinning
  • Snapshot/Pasteboard/Clipboard data leakage
  • Lack of obfuscation
  • Exploits using runtime changes
  • Application crashes
  • Irrelevant activities/Intents exported
  • Android backup vulnerability

Acknowledgements

For valid and impactful reports, we offer recognition in our "Hall of Fame" for your valuable contribution to our website's security. For public disclosure, we would need to review the report and ask you to hide certain details. We respect your preference for anonymity if desired.

Also, if we think that for a particular bug, a researcher went an extra mile we might provide a bounty as an exception.

COPYRIGHT © 2025 EKART. ALL RIGHTS RESERVED.