How we protect your account, data, and transactions
Security is foundational to Vendor Stocks. As a B2B and B2C marketplace handling business identities, verification documents, invoices, and payments, we apply layered, industry-standard safeguards across our infrastructure, application, and operations. This page summarises the measures we take — and how to report a vulnerability responsibly.
TLS 1.3 in transit | AES-256 at rest | PCI-DSS gateways | Row-Level Security | DPDP Act 2023
Our Security Measures
SSL / TLS Encryption
All traffic between your browser and Vendor Stocks is encrypted using TLS 1.3, and data at rest — documents and database records — is encrypted with AES-256. We enforce HTTPS everywhere and use HSTS to prevent protocol downgrade attacks.
Secure Authentication
Accounts are protected with securely hashed credentials, session-based access tokens, and short-lived sessions. Sign-in activity is monitored for anomalies, and we never store your password in plain text. Keep your credentials private and unique.
Data Protection
Role-based access control and row-level security isolate every organisation's data. Verification documents are held in access-restricted storage with audit logging, backups are encrypted, and access to production data is limited and recorded.
Vendor Verification
Sellers undergo document-based verification — PAN, GSTIN, and business registration are reviewed before activation. Verification reflects review, not endorsement, and accounts may be re-checked periodically to keep the marketplace trustworthy.
Fraud Prevention
We continuously monitor for fake listings, fraudulent transactions, and coordinated abuse. Automated checks, rate limiting, and bot protection guard the platform, and our team investigates and acts on suspicious activity.
Payment Security
Payments are processed by PCI-DSS compliant gateway partners (Razorpay / PayU). We never store full card numbers, CVVs, UPI PINs, or net-banking credentials — sensitive payment data is handled entirely by the gateway.
Responsible Disclosure Policy
We welcome reports from security researchers and users who discover potential vulnerabilities. If you believe you have found a security issue, please disclose it to us responsibly so we can protect our users while it is being resolved.
How to Report
Email our security team: Send a detailed report to support@skylightsenergy.in with a subject line beginning "Security". Include steps to reproduce, the affected URLs or endpoints, and any supporting evidence.
Give us time to investigate: We will acknowledge your report within 3 business days and work to validate and remediate confirmed issues as quickly as possible.
Disclose responsibly: Please do not publicly disclose the issue, access or modify other users' data, or degrade our service while we investigate. Acting in good faith under this policy will not result in legal action from us.
Please Avoid
Accessing, downloading, or modifying data that does not belong to you
Denial-of-service (DoS) testing, spam, or social engineering of our staff or users
Automated scanning that degrades platform performance for others
Publicly disclosing a vulnerability before we have resolved it
Your Role in Staying Secure
Protect your credentials: never share your password, and use a strong, unique one.
Verify before you transact: confirm vendor details and order terms before making payments.
Report anything suspicious: unexpected emails, listings, or sign-in alerts should be reported immediately.
Keep your device secure: use updated browsers and avoid logging in on untrusted networks or shared devices.
While we apply rigorous safeguards, no system is ever completely immune to risk. We continually review and strengthen our defences — and we count on our community to help us keep Vendor Stocks safe.
Security Contact
To report a vulnerability or raise a security concern, contact our security team: