Legal — Privacy, passive-scan posture, responsible disclo...

Legal

Privacy policy

Dhara is operated by Eleven11 (“we”). This policy describes what we collect on the marketing site, what we do with it, and how long we keep it.

What we collect

When you request a free report via /get-report, we collect the email address and domain you provide, along with optional company name and compliance framework interest.
Our web server logs record the requesting IP address, user-agent, and request path for operational and security purposes.
We do not use cookies on the marketing site. We do not run third-party analytics.

What we do with it

Report requests are used solely to run the requested passive scan and deliver the resulting report to the email you provided.
We may contact you once after delivery to ask if you would like to discuss findings. You can reply with “no thanks” and we will not email you again.
We do not sell, rent, or share your data with third parties.

Retention

Server logs are retained for 30 days.
Report data and prospect records are retained for 24 months or until you request deletion by emailing the address below.

Contact

Privacy queries and deletion requests: privacy@eleven11.pro.

Passive-scan posture

Dhara's free exposure report is generated using passive observation only. No traffic is directed at the origin of the target domain during this phase. We query public data sources: DNS resolvers, certificate transparency logs, historical URL archives, and passive technology-fingerprint datasets.

This posture is preserved for the lifetime of the free report offering. If and when a customer engages Dhara for active scanning or penetration testing, we require a written authorisation document identifying the in-scope assets and the party authorising the testing before any traffic is sent.

Passive observation of third-party-published data does not constitute unauthorised access under the Information Technology Act, 2000 (India) §43 / §66, nor under the Computer Fraud and Abuse Act (United States, 18 U.S.C. §1030). We will not conduct active scanning without express authorisation.

Responsible disclosure

If you believe you have found a security issue in a Dhara-operated property, please contact us via the channels below. We aim to acknowledge reports within two business days and remediate or respond substantively within 30 days.

Email: security@eleven11.pro
In-scope domains: eleven11.pro and its subdomains, including audit.eleven11.pro and dhara.eleven11.pro.
Out of scope: volumetric denial-of-service, social engineering of staff, and findings requiring an authenticated operator account.

We will not take legal action against researchers acting in good faith under this policy. We ask that you do not access accounts or data that are not your own, and give us reasonable time to respond before any public disclosure.

Terms

The free exposure report is provided as-is, without warranty, for informational purposes. Requesting a report requires an affirmative representation that you are authorised to receive an external scan of the domain you submit; this is enforced via the checkbox on the request form and by rate-limiting obviously abusive use.