Vulnerability Disclosure Policy

Effective date: December 24, 2025

We take security seriously. This policy explains how to report security vulnerabilities for https://bearpackonlineservices.com and systems operated by Tristan Salisbury (operating as BearPack Online Services, “BearPack”).

1) Scope

This policy applies to security vulnerabilities in the following systems operated by BearPack Online Services:

• https://bearpackonlineservices.com (main marketing and product Site)
• Associated web applications and APIs (e.g., user dashboards, admin panels, AI help chat)
• Automated services and Discord bots powered by BearPack

Third-party services (Discord, Stripe, Supabase, etc.) should be reported directly to those providers.

2) How to report

Send vulnerability reports to:

• Email: ArctiCasters@gmail.com
• Subject line: "Security Vulnerability Report"

Include:

• A clear description of the issue and impact
• Steps to reproduce (proof-of-concept if possible)
• Affected URLs/endpoints/components
• Any relevant screenshots/logs

3) Testing guidelines

Do not:

• Access or modify data that does not belong to you
• Perform denial-of-service attacks
• Publicly disclose the issue before we have a reasonable opportunity to investigate and remediate
• Use automated scanning that materially disrupts services

4) Our commitment

• Acknowledgement: We aim to acknowledge receipt of vulnerability reports within 3 business days
• Investigation: We will investigate and validate the report
• Status updates: We will provide updates on our progress, typically within 7-14 days depending on severity
• Remediation: We will work toward a fix based on severity and risk. Critical issues receive priority attention
• Notification: We will notify you when remediation is complete where practical
• No bounty program: We do not currently offer a paid bug bounty program, but we greatly appreciate responsible disclosure

5) Safe harbour

If you follow this policy and act in good faith, we will not pursue legal action against you for your report.