Vulnerability Disclosure Policy

Effective date: December 24, 2025

We take security seriously. This policy explains how to report security vulnerabilities for https://bearpackonlineservices.com and systems operated by Tristan Salisbury (operating as BearPack Online Services, “BearPack”).

1) How to report

Send vulnerability reports to:

• Email: arcticasters@gmail.com
• Subject line: “Security Vulnerability Report”

Include:

• A clear description of the issue and impact
• Steps to reproduce (proof-of-concept if possible)
• Affected URLs/endpoints/components
• Any relevant screenshots/logs

2) Testing guidelines

Do not:

• Access or modify data that does not belong to you
• Perform denial-of-service attacks
• Publicly disclose the issue before we have a reasonable opportunity to investigate and remediate
• Use automated scanning that materially disrupts services

3) Our commitment

• Acknowledge receipt within a reasonable time
• Investigate and validate reports
• Work toward a fix based on severity and risk
• Notify you when remediation is complete where practical

4) Safe harbour

If you follow this policy and act in good faith, we will not pursue legal action against you for your report.