Report security issues – Growersoutlet

Security Vulnerability Disclosure Policy

At GROWERSOUTLET, we take the security and privacy of our customers seriously. If you believe you have discovered a security vulnerability on growersoutlet.shop, we encourage you to report it responsibly so our team can investigate and resolve the issue promptly.

Please review the guidelines below before submitting a report.

Responsible Disclosure Guidelines

If you act in good faith and follow the principles outlined below, GROWERSOUTLET will not initiate legal action or enforcement investigations in response to your report.

We ask that you:

Allow us reasonable time to investigate and resolve the issue before publicly disclosing it.
Avoid accessing, modifying, or deleting data that does not belong to you.
Do not access private customer accounts without explicit permission from the account owner.
Make every effort to avoid service interruptions, data destruction, or privacy violations.
Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue.
Comply with all applicable local, state, federal, and international laws.

Security Research & Reward Program

We appreciate responsible security researchers who help improve the safety of our platform. At our discretion, GROWERSOUTLET may recognize or reward valid vulnerability reports based on severity, impact, and report quality.

To qualify for consideration:

You must follow all responsible disclosure guidelines listed above.
The reported issue must represent a legitimate security or privacy risk.
Your report should include clear reproduction steps, proof of concept when applicable, and detailed technical information.
You must report vulnerabilities directly through our official support contact and not through public channels.
Any accidental access to sensitive information must be disclosed immediately and not retained, copied, or shared.

Please note that response and resolution times may vary depending on the complexity and severity of the issue.

Reward Guidelines

Rewards are evaluated based on several factors, including:

Severity and potential impact
Ease of exploitation
Quality and completeness of the report
Ability to reproduce the issue

Only the first valid report for a specific vulnerability may qualify for recognition or reward.

The following represent general maximum reward categories:

Critical Severity – Up to $200
Examples: Remote code execution, authentication bypass, SQL injection exposing sensitive data, full account compromise.
High Severity – Up to $100
Examples: Stored XSS, sensitive internal data exposure, authentication weaknesses, local file inclusion vulnerabilities.
Medium Severity – Up to $50
Examples: Business logic flaws, insecure object references, limited privilege escalation.
Low Severity – Recognition Only
Examples: Open redirects, low-risk information disclosure, reflected XSS with minimal impact.

GROWERSOUTLET reserves the right to determine reward eligibility and amounts at its sole discretion.