Security Vulnerability Disclosure Policy
Last updated: 3 May 2026
At Patterson Retro, we take the security of our website and customer information seriously. If you believe you have discovered a security vulnerability, we encourage you to report it responsibly so we can investigate and resolve it.
1. Purpose
This policy explains how security researchers and users can responsibly report potential vulnerabilities in our systems. We welcome good-faith reports that help improve the security of our website and customers.
2. Responsible Reporting Guidelines
If you report a vulnerability, we ask that you:
- Allow reasonable time for us to investigate and fix the issue before public disclosure
- Avoid accessing, modifying, or deleting customer or private data
- Do not attempt to exploit or escalate the issue beyond what is necessary to demonstrate it
- Do not disrupt, damage, or overload our systems
- Do not use phishing, social engineering, malware, or spam techniques
- Comply with all applicable laws
3. How to Report a Vulnerability
Please send reports to:
Email: support@pattersonretro.com
Please include:
- Affected URL or page
- Clear description of the issue
- Steps to reproduce the problem
- Any screenshots or recordings (if available)
- Possible impact of the issue
Please avoid including sensitive personal or payment data in your report.
4. What You Can Expect From Us
We will review all valid reports, confirm the issue where possible, and take appropriate action. We may contact you if more information is required.
5. Scope
This policy applies to:
- pattersonretro.com website
- Customer account and checkout systems
- Order and payment-related website functionality
It does not cover third-party services such as payment processors, shipping carriers, or external apps.
6. Out of Scope
Examples of issues generally considered out of scope:
- Theoretical or non-exploitable issues
- Automated scanner reports without proof of impact
- Missing security headers without an exploit
- Rate limiting or low-impact informational issues
- Social engineering or phishing attempts
- Denial-of-service testing
7. No Bug Bounty
Patterson Retro does not currently offer a paid bug bounty programme. Submitting a report does not guarantee compensation or reward.
8. Confidentiality
All vulnerability reports should be treated as confidential. Please do not share customer data or technical details publicly without permission.
9. Legal Notice
This policy is intended to support responsible security research. It does not authorise any illegal activity, unauthorised access, or disruption of services.
10. Contact
Patterson Retro
257 High St, Arbroath DD11 1EE, United Kingdom
Email: support@pattersonretro.com
Phone: +44 7418 636494