Responsible Disclosure Policy

Effective Date: July 12, 2023

We prioritize the safety and security of our systems, but despite our best efforts, vulnerabilities may still
exist. If you have discovered a vulnerability, we appreciate your cooperation in promptly reporting it to
us. By following the guidelines outlined below, you can help us address the issue and better protect our
customers and systems.

Reporting Instructions:

  1. Email your findings to support@shopctrl.com.
  2. Please refrain from exploiting the vulnerability or issue you have discovered. Avoid actions such
    as downloading excessive data to demonstrate the vulnerability or modifying or deleting others'
    data.
  3. Do not disclose the problem to anyone else until it has been resolved.
  4. Do not attempt physical security attacks, engage in social engineering, use distributed denial of
    service, spam, or third-party applications.
  5. Provide sufficient information to replicate the problem. Typically, the IP address or URL of the
    affected system and a comprehensive vulnerability description are adequate. However, for
    complex vulnerabilities, additional details may be necessary.

Our Commitment to You:

  1. We will acknowledge receipt of your report within 3 working days and provide an initial
    assessment of the issue, along with an estimated timeframe for a solution.
  2. If you adhere to the above instructions, we will not pursue any legal actions against you
    concerning your disclosure.
  3. Your report will be handled with strict confidentiality. We will not disclose your personal
    information to any third parties without your explicit consent.
  4. We will keep you informed about the progress made in resolving the reported issue.
  5. In the public information regarding the resolved problem, we will credit you as the discoverer,
    unless you prefer otherwise.

We strive to resolve all vulnerabilities promptly and aim to play an active role in any future publication
related to the issue, once it has been addressed.

Thank you for your assistance in maintaining the security of our systems. Your contribution is invaluable
in our continuous efforts to enhance our security measures.