Beshi Khushi handles security reporting as part of its wider responsibility to protect user privacy, account safety, and platform integrity.
Because our platform operates in a sensitive area of personal wellbeing and sexual wellness, security is not treated as a background technical matter. It is part of how we protect trust, discretion, and safe access to information, products, and support.
This page explains how to report a potential security issue, what kinds of reports are relevant, how those reports are reviewed, and the standards we expect from anyone reporting a vulnerability in good faith.
We welcome responsible, private reporting of genuine security vulnerabilities.
If you believe you have identified a weakness in our website, systems, or account protections, we ask that you report it directly to us before sharing it publicly. This gives us a fair opportunity to investigate the issue, reduce risk, and protect users from unnecessary exposure.
We value reports that are made carefully, honestly, and without causing harm. Responsible disclosure helps strengthen the platform. Irresponsible disclosure can put users, accounts, and sensitive information at risk.
This policy applies to security-related concerns involving Beshi Khushi’s digital platform, including website functionality, account access protections, authentication controls, data handling risks, and platform abuse pathways that may affect integrity or user safety.
You should report issues that could create a meaningful security or privacy risk.
This may include :
We also encourage reports where a weakness may not yet have been exploited but could realistically be used in a way that harms users, compromises privacy, or weakens trust in the platform.
This reporting channel is for legitimate security concerns only.
If you believe you have found a genuine security issue, please contact us privately by email.
A useful report should be clear enough for our team to understand what happened, where it happened, and why it matters. Where possible, include the affected page, URL, feature, or flow, a description of the issue, practical steps to reproduce it, screenshots if appropriate, and a short explanation of the potential impact.
Please do not include unnecessary personal, medical, financial, or intimate information in your report. If the issue involves sensitive data, share only what is strictly needed for verification and keep your disclosure limited and careful.
We expect reporters to act conservatively and in good faith.
That means you should avoid accessing or attempting to access other users’ accounts, data, or personal information.
You should not alter, delete, download, or retain data that is not yours. You should not attempt to disrupt the availability of the website, interfere with normal operations, or use automated or aggressive methods that create avoidable strain on the platform.
Demonstrating that a vulnerability exists is one thing.Expanding the test in a way that creates exposure, instability, or harm is another. We expect the first, not the second.
All credible security reports are reviewed internally by the relevant technical and governance teams.
Each report is assessed based on context, plausibility, potential impact, severity, scope, and the likelihood that the issue could be exploited in a real-world setting. Not every report will qualify as a confirmed vulnerability, but each credible submission is reviewed on its merits.
Where an issue is verified, we take remediation steps appropriate to the nature of the risk. That may include code fixes, access-control changes, monitoring improvements, process updates, or other measures designed to reduce exposure and strengthen protection going forward.
We aim to acknowledge genuine security reports within a reasonable timeframe.
Resolution timing depends on the nature of the issue. Some vulnerabilities can be reviewed and addressed relatively quickly. Others require deeper investigation, testing, staged deployment, or coordination across systems. For that reason, we cannot promise a fixed resolution timeline for every report.
We may not be able to provide detailed technical updates in every case. However, credible reports are recorded, assessed, and handled through our internal review process with appropriate seriousness.
Beshi Khushi does not currently operate a bug bounty or paid vulnerability reward program.
Responsible disclosure is appreciated because it supports user protection and platform integrity, but submitting a report does not create any entitlement to payment, compensation, or public recognition unless Beshi Khushi expressly decides otherwise.
For security or vulnerability-related concerns, please contact:
Support hours: Saturday to Thursday, 9:00 AM to 10:00 PM (Bangladesh)
Please use these contacts for security-related reporting only. General customer service questions should be sent through the appropriate support channel so they can be handled more efficiently.
This policy is maintained as part of Beshi Khushi’s Trust & Safety governance framework and is reviewed periodically.
We may update it to reflect changes in platform architecture, operational practices, risk management standards, legal obligations, or the practical needs of protecting users in Bangladesh. Any updates are intended to improve clarity, strengthen accountability, and support safer handling of security-related concerns.
At Beshi Khushi, security is not treated as a marketing claim or a box-ticking exercise. It is part of the basic standard required to run a privacy-sensitive platform responsibly.
