Security Disclosure Policy

Last Updated: March 2026

1. Our Commitment

We are committed to maintaining the security and integrity of this platform. If you believe you have identified a security vulnerability, we encourage responsible disclosure.

2. Scope

This policy applies to vulnerabilities affecting the publicly accessible components of this website and associated services under our operational control.

3. Reporting a Vulnerability

If you believe you have discovered a security issue, please report it to:

Email: security@yourdomain.uk

Please include:

• A clear description of the vulnerability
• Steps required to reproduce the issue
• The affected URL(s) or functionality
• Any relevant screenshots or technical details

4. Responsible Testing

When conducting security research, we ask that you:

• Act in good faith
• Avoid privacy violations, data destruction, or service disruption
• Do not access, modify, or extract data beyond what is necessary to demonstrate the issue
• Do not attempt social engineering, phishing, or denial-of-service attacks

5. Our Response

We will:

• Acknowledge receipt of your report
• Investigate the issue in a timely manner
• Take appropriate remediation action where required

6. Disclosure

We request that vulnerabilities are not publicly disclosed until remediation has been completed and confirmed.

7. Legal Position

We will not pursue legal action against individuals who report vulnerabilities in good faith and in accordance with this policy.

Activities that intentionally compromise the confidentiality, integrity, or availability of the platform may be referred to the appropriate authorities.

8. Out of Scope

The following are considered out of scope for this policy:

• Denial-of-service attacks
• Spam or social engineering attempts
• Issues requiring physical access
• Reports relating to third-party services not under our operational control