At Stylo Sfas & beds, the security of our website and our customers’ data is a top priority. If you believe you have discovered a security vulnerability affecting our website or systems, we encourage you to notify us promptly. All legitimate reports are reviewed carefully, and we aim to resolve issues as quickly as possible.

Please review the guidelines below before submitting a report.

Responsible Disclosure Principles

When reporting a security issue to Stylo Sfas & beds, we ask that you act in good faith. If you follow these principles, we will not pursue legal action in response to your report:

  • Allow us a reasonable period of time to investigate and fix the issue before publicly disclosing any details.
  • Do not access, modify, or interfere with private accounts or data without explicit permission from the account owner.
  • Make every effort to avoid privacy violations, data loss, or service disruption.
  • Do not exploit the vulnerability for personal gain or attempt to escalate privileges.
  • Conduct your research in compliance with all applicable laws and regulations.

Security Reward Program

We appreciate the efforts of security researchers who help keep our platform safe. At our discretion, we may offer monetary rewards for valid security vulnerability reports based on severity, impact, and overall quality of the submission.

To be considered for a reward, you must:

  • Follow the responsible disclosure principles outlined above.
  • Report a genuine security vulnerability that poses a real risk to our systems or users.
  • Submit your report via our official security contact (please do not contact individual staff members directly).
  • Disclose any unintended privacy exposure or disruption that occurred during your investigation.
  • Understand that reports are prioritised by severity and response times may vary.

We reserve the right to publicly acknowledge or publish valid vulnerability reports once resolved.

Reward Guidelines

Rewards are determined by severity, exploitability, impact, and report quality. Incomplete or non-reproducible reports are not eligible.

  • Only the first valid report of a vulnerability will be eligible for a reward.
  • Multiple issues stemming from the same root cause may be rewarded as a single finding.
  • All reward decisions are made at our sole discretion.

Indicative reward levels (subject to change):

  • Critical (up to £200):
    Examples include remote code execution, full account compromise, privilege escalation, or exposure of sensitive customer data.
  • High (up to £100):
    Examples include authentication bypasses, stored XSS affecting other users, or access to confidential system data.
  • Medium (up to £50):
    Examples include business logic flaws or insecure object references affecting multiple users.
  • Low:
    Issues with limited impact or requiring significant user interaction, such as open redirects or minor information disclosure.

What Not to Report

  • Issues requiring unrealistic user interaction or non-standard configurations
  • Social engineering or phishing attempts
  • Physical security issues
  • Denial-of-service (DoS/DDoS) attacks
  • Outdated browser or plugin vulnerabilities without demonstrable impact

Contact Information

To report a security vulnerability or ask questions about this policy, please contact us:

Stylo Sfas & beds LTD
📍 422 Whalley New Rd, Blackburn BB1 9SL, United Kingdom
📞 +44 7514 988874
📧 support@stylosofasbeds.co.uk

Support Hours: Monday to Friday (09:00 AM to 6:00 PM GMT)