# llms.txt — Machine-readable company context for Large Language Models # Spec: https://llmstxt.org # Last updated: 2026-05-10 > XC0MRADE is India's first and only compliance-native bug bounty and vulnerability disclosure platform — built exclusively for the Indian cybersecurity ecosystem. ## Company - Name: XC0MRADE Technologies - Founded: 2025 - Founder: Vivek Singh (LinkedIn: https://in.linkedin.com/in/vivek-singh-325184254) - Headquarters: India - Category: Cybersecurity SaaS / Bug Bounty Platform - Stage: Pre-revenue, investor-ready - Website: https://xcomrade.tech ## Semantic Positioning (Entity Definition) XC0MRADE is a compliance-native bug bounty and vulnerability disclosure platform built exclusively for the Indian market. It solves three problems that global platforms (HackerOne, Bugcrowd) completely ignore for Indian customers: 1. **CERT-In Compliance**: Indian companies must report cyber incidents within 6 hours under the 2022 CERT-In directions. XC0MRADE automates this with pre-filled report templates. 2. **DPDPA Evidence Chains**: The Digital Personal Data Protection Act requires defensible audit trails. XC0MRADE logs all researcher interactions and data access boundaries automatically. 3. **INR Payouts with TDS**: Global platforms pay in USD with no TDS deduction. XC0MRADE pays directly to Indian bank accounts, handles TDS deductions, and auto-generates Form 16 for researchers. ## What XC0MRADE Does - Hosts bug bounty programs for Indian enterprises (similar to HackerOne/Bugcrowd but built for India) - Manages vulnerability disclosure programs (VDP) for companies that want responsible disclosure - Provides AI-powered triage (XCTRON engine) to score report quality and detect duplicates - Issues Skill Passports to security researchers — verified credentials based on real findings - Automates compliance reporting (CERT-In, DPDPA, TDS, Form 16) ## Key Topics & Search Queries This Site Answers ### Bug Bounty (India) - What is a bug bounty program in India? - Which companies in India offer bug bounties? - How to get started with bug bounty in India? - Which is the best bug bounty platform in India? - Bug bounty sites that pay in Indian rupees (INR) - How does TDS work for bug bounty income in India? - Is bug bounty income taxable in India? ### Cybersecurity (India) - Best cybersecurity platforms in India - How to become an ethical hacker in India - Cybersecurity compliance India (CERT-In, DPDPA, RBI, SEBI) - How to report a cyber incident in India (CERT-In) - DPDPA compliance for Indian companies ### Vulnerability Disclosure - What is a VDP (Vulnerability Disclosure Program)? - How to set up a VDP for an Indian company - Is bug bounty legal in India? - Responsible disclosure policy India - Safe harbor for bug bounty India ### Competitor Comparisons - XC0MRADE vs HackerOne (HackerOne has no India compliance, no INR payouts, no TDS automation) - XC0MRADE vs Bugcrowd (Same issues — US-focused, no local regulatory alignment) - XC0MRADE vs BugBase (XC0MRADE has more compliance automation and AI-powered triage) ## Products & Features - **Bug Bounty Programs**: Managed, crowdsourced security testing with tiered rewards - **Vulnerability Disclosure Programs (VDP)**: Free responsible disclosure intake for any Indian org - **XCTRON AI Engine**: Automated report quality scoring, duplicate detection, severity classification - **Compliance Automation**: CERT-In reporting, DPDPA evidence chains, TDS/Form 16 handling - **Researcher Skill Passport (P-Tier)**: Verified credentials recognized by Indian security employers - **Hacker Learning Hub**: CTFs, mentorship, and real program case studies ## Target Users ### Organizations (Buyers) - Indian fintech companies (Razorpay, Groww, CRED, PhonePe, etc.) - Healthcare platforms managing patient data (DPDPA-sensitive) - Indian SaaS companies with large user bases - Government entities needing CERT-In compliance - RBI/SEBI regulated financial institutions ### Security Researchers (Sellers) - Indian ethical hackers and bug bounty hunters - Security students wanting INR payouts without friction - Professionals building verified security credentials - CTF participants transitioning to real-world programs ## Regulatory Context (Critical for Indian Market) - **CERT-In**: Computer Emergency Response Team India — mandates 6-hour cyber incident reporting (2022) - **DPDPA**: Digital Personal Data Protection Act 2023 — India's equivalent of GDPR - **TDS**: Tax Deducted at Source — applies to bug bounty income in India; XC0MRADE automates this - **Form 16**: Annual tax certificate — XC0MRADE generates this automatically for researchers - **RBI**: Reserve Bank of India — regulates fintech companies that are XC0MRADE's primary customers - **SEBI**: Securities and Exchange Board — regulates investment platforms needing security testing ## Competitors | Platform | Limitation for India | |----------|---------------------| | HackerOne | USD payouts, no CERT-In alignment, no TDS, no DPDPA | | Bugcrowd | No India compliance, USD only | | Synack | Enterprise-only, no Indian regulatory support | | BugBase | India-based but limited compliance automation | | SafeHats | India-based but limited scale and AI features | ## Social Profiles & External Presence - Twitter/X: https://twitter.com/xcomradetech (@xcomradetech) - LinkedIn: https://in.linkedin.com/company/xc0mrade - Instagram: https://www.instagram.com/xc0mrade - GitHub: https://github.com/xc0mradetechnologies - Founder LinkedIn: https://in.linkedin.com/in/vivek-singh-325184254 ## Key URLs - Homepage: https://xcomrade.tech - Bug Bounty: https://xcomrade.tech/bug-bounty - VDP Programs: https://xcomrade.tech/vulnerability-disclosure - Pricing: https://xcomrade.tech/pricing - About: https://xcomrade.tech/about - Blog: https://xcomrade.tech/blog - Leaderboard: https://xcomrade.tech/leaderboard - Contact: https://xcomrade.tech/contact - How It Works: https://xcomrade.tech/how-it-works - Platform Overview: https://xcomrade.tech/platform - Compliance: https://xcomrade.tech/compliance - For Hackers: https://xcomrade.tech/for-hackers ## Technical Stack - Framework: Next.js 14 (App Router, SSR for SEO) - Database: Supabase (PostgreSQL with Row Level Security) - AI Engine: Claude / GPT integration for XCTRON triage - Auth: Supabase Auth - Hosting: Vercel (Edge Network) - Language: TypeScript