Responsible Disclosure Policy

Last updated: 2026

At The Wee Shoppie, we take the security of our website and customer information very seriously. If you believe you have discovered a security vulnerability affecting our website, we encourage you to report it responsibly so we can investigate and resolve the issue as quickly as possible.

1. Purpose of This Policy

This policy explains how security researchers and users can responsibly report potential security vulnerabilities. We appreciate good-faith reports that help us improve the security of our website and services.

2. Responsible Reporting Guidelines

If you follow these guidelines, we will not pursue legal action against you for your security research:

  • Give us reasonable time to investigate and resolve the issue before publicly disclosing it.

  • Do not access, copy, modify, or delete customer information.

  • Do not attempt to gain unauthorized access to accounts, servers, or systems.

  • Do not interrupt or disrupt our website or services.

  • Do not use phishing, malware, ransomware, or social engineering techniques.

  • Comply with all applicable laws and regulations.

3. How to Report a Vulnerability

Please report any suspected security vulnerability by email.

Email: support@theweeshoppie.com

Please include the following information where possible:

  • The affected page or URL

  • A detailed description of the vulnerability

  • Steps required to reproduce the issue

  • Supporting evidence, such as screenshots

  • The potential impact of the vulnerability

4. Our Response

Once we receive your report, we will:

  • Review the information provided

  • Attempt to reproduce the issue

  • Investigate and assess the severity

  • Take appropriate action where necessary

Response times may vary depending on the complexity and severity of the reported issue.

5. Scope

This policy applies to:

  • The Wee Shoppie website

  • Customer accounts

  • Checkout process

  • Order and payment-related security features

6. Out of Scope

The following are generally considered outside the scope of this policy:

  • Theoretical vulnerabilities without practical impact

  • Automated scanner reports without supporting evidence

  • Spam or social engineering attacks

  • Denial-of-service (DoS or DDoS) testing

  • Security issues affecting third-party services that are outside our control

7. Bug Bounty

The Wee Shoppie does not operate a bug bounty or vulnerability reward program. Any acknowledgement or recognition is entirely at our discretion.

8. Public Disclosure

Please do not publicly disclose any security vulnerability until you have received written permission from The Wee Shoppie confirming that the issue has been resolved.

9. Confidentiality

All vulnerability reports should remain confidential. Please do not include unnecessary personal information or customer data in your report.

10. Contact

The Wee Shoppie

Address: 96 Main St, Gardenstown, Banff AB45 3YP, United Kingdom

Email: support@theweeshoppie.com