Responsible Disclosure Policy – Exiito Beverages
At Exiito Beverages, we take the security of our systems and customer data seriously. We appreciate the efforts of security researchers and the community in helping us maintain a safe and secure environment.
This Responsible Disclosure Policy outlines how you can report security vulnerabilities to us responsibly.
1. Reporting a Vulnerability
If you discover any security vulnerability in our website, systems, or services, please report it to us as soon as possible.
Please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Screenshots or proof of concept (if available)
2. Our Commitment
When you report a vulnerability responsibly, we commit to:
- Acknowledge your report within 48 hours
- Investigate and validate the issue promptly
- Take necessary steps to fix the vulnerability
- Keep you informed about the progress
3. Guidelines for Researchers
We ask that you:
- Act in good faith and avoid privacy violations
- Do not exploit the vulnerability beyond what is necessary to prove it
- Do not access, modify, or delete user data
- Do not disrupt our services (no DDoS or spam attacks)
- Do not publicly disclose the issue until we have resolved it
4. Scope
This policy applies to:
- Our official website
- Online forms and portals
- Any digital service operated by Exiito Beverages
5. Out of Scope
The following are generally out of scope:
- Social engineering attacks
- Physical security issues
- Third-party services not controlled by us
- Spam or low-impact issues
6. Safe Harbor
We will not take legal action against researchers who:
- Follow this policy
- Act responsibly and ethically
- Avoid harming users or systems
7. Recognition
We value contributions from security researchers. While we may not offer monetary rewards, we may acknowledge your contribution (with your permission).
