Security Vulnerability Disclosure Policy

Last updated: 3 May 2026

At Animal Forum, we take the security of our website and customer information seriously. If you believe you have discovered a security vulnerability on www.animalforum.shop, we encourage you to notify us responsibly so we can review and address the issue.

Please read this policy carefully before submitting a report.

1. Purpose of This Policy

This policy explains how security researchers, customers, or members of the public can report potential security vulnerabilities to Animal Forum in a responsible and lawful way.

We welcome good-faith reports that help us improve the security of our website, systems, and customer experience.

2. Reporting Principles

If you follow the principles below when reporting a security issue to Animal Forum, we will not initiate legal action against you in response to your report.

We ask that you:

  • Give us reasonable time to investigate and fix the issue before disclosing it publicly or sharing it with others.
  • Do not access, modify, delete, download, or share private accounts, customer information, order details, or personal data.
  • Do not attempt to gain unauthorised access to systems, accounts, payment information, or confidential information.
  • Do not exploit any vulnerability for any reason, including to demonstrate additional impact.
  • Do not perform actions that could disrupt, damage, or degrade our website, services, hosting, or third-party systems.
  • Do not use social engineering, phishing, physical attacks, spam, malware, denial-of-service testing, or automated high-volume scanning.
  • Make a good-faith effort to avoid privacy violations, service disruption, data loss, or damage to our services.
  • Comply with all applicable laws and regulations.

3. How to Report a Vulnerability

To report a suspected vulnerability, please contact us by email:

Email: support@animalforum.shop

Please include as much detail as possible so we can understand and reproduce the issue.

Your report should include:

  • The page, URL, or area of the website affected
  • A clear description of the issue
  • Steps to reproduce the issue safely
  • Screenshots or screen recordings, where helpful
  • The potential impact of the issue
  • Your contact details, if you would like us to follow up with you

Please do not include sensitive customer data, payment data, passwords, or private information in your report.

4. What You Can Expect From Us

After receiving a valid report, we will aim to:

  • Review the information provided
  • Confirm whether the issue can be reproduced
  • Assess the potential security or privacy impact
  • Take appropriate action where necessary
  • Contact you if we need more information

Response times may vary depending on the seriousness of the report, the quality of the information provided, and the complexity of the issue.

5. Scope

This policy applies to security issues affecting:

  • www.animalforum.shop
  • Animal Forum website pages
  • Customer account or checkout-related security issues connected to our website
  • Order, account, or customer data protection issues connected to our website

This policy does not authorise testing against third-party platforms, payment providers, shipping companies, hosting providers, apps, plugins, or services that are not owned or controlled by Animal Forum.

6. Out-of-Scope Issues

The following types of reports are generally considered out of scope:

  • Theoretical issues without a practical security impact
  • Reports from automated scanners without explanation or proof of impact
  • Missing security headers without a clear exploit path
  • Clickjacking on pages with no sensitive action
  • Rate-limiting issues with no proven security impact
  • Self-XSS that only affects the reporter’s own browser
  • Social engineering attempts
  • Phishing attempts
  • Spam or bulk email issues
  • Physical security issues
  • Denial-of-service or stress testing
  • Issues affecting outdated browsers or unsupported devices

We may still review these reports, but they may not receive a detailed response.

7. No Guaranteed Reward or Bug Bounty

Animal Forum does not currently operate a guaranteed paid bug bounty or reward programme.

We appreciate responsible security reports, but submitting a report does not create any right to payment, reward, employment, contract, or compensation.

Any recognition or reward, if offered, is entirely at our discretion and must be agreed in writing.

8. Public Disclosure

Please do not publicly disclose, publish, or share details of any vulnerability without receiving written permission from Animal Forum.

We ask that you give us reasonable time to investigate and resolve any confirmed issue before any disclosure is considered.

9. Confidentiality

Any information shared with us as part of a vulnerability report should be treated as confidential.

You must not share customer data, order information, account information, screenshots containing personal data, or technical details that could help others exploit the issue.

If you accidentally access confidential information, please stop testing immediately and report the issue to us.

10. Legal Considerations

We support responsible, good-faith security research conducted in line with this policy.

However, this policy does not give permission to:

  • Break the law
  • Access data that does not belong to you
  • Disrupt our services
  • Damage systems or data
  • Attempt unauthorised access
  • Test third-party services without permission

Animal Forum reserves all legal rights in cases of malicious activity, abuse, fraud, data theft, extortion, or actions outside this policy.

11. Contact Information

For security vulnerability reports, please contact us:

Animal Forum
161 Newgate Street
Bishop Auckland
DL14 7EN
United Kingdom

Email: support@animalforum.shop
Phone: 01388601768