Report Security Issues

If you have discovered a security vulnerability on our website or services, we appreciate your responsible disclosure and your efforts to help keep our platform secure.

Fundamentals

If you follow the principles below when reporting a security issue to Pawfect For Pets, we will not initiate legal action against you in response to your report.

We ask that:

  1. You give us reasonable time to investigate and resolve the issue before publicly disclosing it or sharing it with others.
  2. You do not access, modify, or interact with any private accounts or data without explicit permission from the account owner.
  3. You make a good faith effort to avoid privacy violations and disruption of services, including data destruction or service interruption.
  4. You do not exploit any vulnerability you discover. This includes accessing sensitive data or attempting further compromise.
  5. You comply with all applicable laws and regulations.

Bounty Program

We may reward security researchers who responsibly report valid vulnerabilities.

Rewards are granted at the sole discretion of Pawfect For Pets and are based on factors such as risk, impact, and report quality.

To qualify for a reward:

  1. You must follow all the fundamentals outlined above.
  2. You must report a valid security vulnerability that creates a real risk to our systems or users.
  3. Reports must be submitted through our official contact channel. Do not contact employees directly.
  4. If any data is accessed unintentionally, you must clearly disclose it in your report.
  5. We review all reports, but response time may vary depending on priority and volume.
  6. We reserve the right to publish anonymised reports for transparency and improvement purposes.

Rewards

Rewards are based on the severity and impact of the vulnerability.

Critical severity (up to £200)
Examples include:

  • Remote code execution
  • Full account compromise
  • Authentication bypass leading to admin access

High severity (up to £100)
Examples include:

  • Access to sensitive data
  • Security flaws affecting multiple users
  • Cross-site scripting affecting users
  • Insecure authentication handling

Medium severity (up to £50)
Examples include:

  • Logic flaws affecting multiple users
  • Insecure data handling
  • Improper access controls

Low severity
Examples include:

  • Minor information exposure
  • Open redirect
  • Issues requiring user interaction

Additional conditions:

  • Reports must include clear reproduction steps
  • Duplicate reports are not rewarded
  • Multiple issues caused by one root problem may be treated as a single report
  • Final reward decisions are made at our discretion

Contact Us

To report a security issue, please contact:

Pawfect For Pets
Email: help@thepawfectpets.co.uk