Trust Center

Responsible Disclosure

We welcome reports from security researchers. If you have found a vulnerability in Cossmic, please tell us before disclosing it publicly, and we will work with you to fix it.

How to report

Email security@cossmic.in with enough detail to reproduce the issue — affected URL or endpoint, steps, and impact. Machine-readable contact details are also published at /.well-known/security.txt.

Our commitment

  • We will acknowledge your report promptly and keep you updated as we investigate.
  • We will not pursue legal action against researchers who act in good faith under this policy.
  • We will credit you once the issue is resolved, if you would like.

Please do

  • Give us reasonable time to fix an issue before public disclosure.
  • Only test against your own account or data — never access, modify or destroy another party's data.
  • Avoid privacy violations, service disruption, and automated high-volume testing.