Responsible Disclosure Policy
Last updated: 2026
At The Wee Shoppie, we take the security of our website and customer information very seriously. If you believe you have discovered a security vulnerability affecting our website, we encourage you to report it responsibly so we can investigate and resolve the issue as quickly as possible.
1. Purpose of This Policy
This policy explains how security researchers and users can responsibly report potential security vulnerabilities. We appreciate good-faith reports that help us improve the security of our website and services.
2. Responsible Reporting Guidelines
If you follow these guidelines, we will not pursue legal action against you for your security research:
-
Give us reasonable time to investigate and resolve the issue before publicly disclosing it.
-
Do not access, copy, modify, or delete customer information.
-
Do not attempt to gain unauthorized access to accounts, servers, or systems.
-
Do not interrupt or disrupt our website or services.
-
Do not use phishing, malware, ransomware, or social engineering techniques.
-
Comply with all applicable laws and regulations.
3. How to Report a Vulnerability
Please report any suspected security vulnerability by email.
Email: support@theweeshoppie.com
Please include the following information where possible:
-
The affected page or URL
-
A detailed description of the vulnerability
-
Steps required to reproduce the issue
-
Supporting evidence, such as screenshots
-
The potential impact of the vulnerability
4. Our Response
Once we receive your report, we will:
-
Review the information provided
-
Attempt to reproduce the issue
-
Investigate and assess the severity
-
Take appropriate action where necessary
Response times may vary depending on the complexity and severity of the reported issue.
5. Scope
This policy applies to:
-
The Wee Shoppie website
-
Customer accounts
-
Checkout process
-
Order and payment-related security features
6. Out of Scope
The following are generally considered outside the scope of this policy:
-
Theoretical vulnerabilities without practical impact
-
Automated scanner reports without supporting evidence
-
Spam or social engineering attacks
-
Denial-of-service (DoS or DDoS) testing
-
Security issues affecting third-party services that are outside our control
7. Bug Bounty
The Wee Shoppie does not operate a bug bounty or vulnerability reward program. Any acknowledgement or recognition is entirely at our discretion.
8. Public Disclosure
Please do not publicly disclose any security vulnerability until you have received written permission from The Wee Shoppie confirming that the issue has been resolved.
9. Confidentiality
All vulnerability reports should remain confidential. Please do not include unnecessary personal information or customer data in your report.
10. Contact
The Wee Shoppie
Address: 96 Main St, Gardenstown, Banff AB45 3YP, United Kingdom
Email: support@theweeshoppie.com