Security Practices

Last updated: 25 May 2026

We take reasonable steps to secure Orbitshala. Security is a shared responsibility—please keep your credentials private.

What we do

  • Password hashing and account lockout patterns for repeated failed logins.
  • Audit logging, monitoring, and abuse prevention controls.
  • Session integrity checks for test recovery and autosave operations.
  • Access controls and least-privilege practices for internal systems.

What you should do

  • Use a strong password and don’t reuse passwords across services.
  • Don’t share your account or OTPs.
  • Log out on shared devices.
  • Report suspicious activity promptly.

Responsible disclosure

If you discover a vulnerability, please email us with details and steps to reproduce. Please do not publicly disclose issues before we’ve had a chance to investigate.

Contact

Support: support@orbitshala.com
Privacy: privacy@orbitshala.com
Security: security@orbitshala.com
Billing: billing@orbitshala.com
Grievance: grievance@orbitshala.com

  • Don’t access other users’ data.
  • Don’t disrupt the Services (e.g., DoS) during testing.
  • Provide enough detail for us to reproduce and fix the issue.

We may update these practices as the platform evolves.