Skip to main content
Security

Security Policy

Last updated: 23 December 2025

Our Commitment to Security

At Jerry Can Spirits®, we take the security of our systems and the protection of our customers' data seriously. We appreciate the security research community's efforts in helping us maintain the highest security standards.

This policy outlines our guidelines for responsible disclosure of security vulnerabilities and how we handle security reports.

Reporting a Vulnerability

How to Report

If you believe you've discovered a security vulnerability in our systems, please report it to us immediately:

Email: security@jerrycanspirits.co.uk

Please use "SECURITY VULNERABILITY" in the subject line

What to Include

To help us understand and resolve the issue quickly, please include:

  • Description of the vulnerability and its potential impact
  • Step-by-step instructions to reproduce the issue
  • Proof of concept (if applicable)
  • Any relevant screenshots or logs
  • Your contact information for follow-up questions
  • CVE ID (if already assigned)

Our Response Process

Timeline

  • Initial Response: Within 48 hours of receiving your report
  • Status Updates: Regular updates throughout our investigation
  • Resolution: We aim to resolve critical issues within 30 days
  • Disclosure: Coordinated disclosure after the issue is resolved

What You Can Expect

  • Acknowledgment of your report within 48 hours
  • Regular communication about the progress of your report
  • Credit for your discovery (if you wish to be acknowledged)
  • A transparent and collaborative approach to resolving the issue

Responsible Disclosure Guidelines

Please Do:

  • Report vulnerabilities as soon as you discover them
  • Provide detailed information to help us reproduce and fix the issue
  • Give us reasonable time to address the vulnerability before public disclosure
  • Act in good faith to avoid privacy violations, data destruction, or service disruption

Please Do Not:

  • Access or modify data that does not belong to you
  • Perform actions that could harm our systems or users
  • Publicly disclose the vulnerability before we have had time to address it
  • Exploit the vulnerability for personal gain
  • Access, download, or modify user data without explicit permission
  • Conduct testing that impacts our service availability

Scope

In Scope

  • jerrycanspirits.co.uk and all subdomains
  • Our web application and API endpoints
  • Authentication and authorization mechanisms
  • Payment processing systems
  • Customer data handling

Out of Scope

  • Third-party services we use (please report directly to the vendor)
  • Social engineering attacks
  • Physical security issues
  • Denial of Service (DoS) attacks
  • Email/SMS bombing

Rewards & Recognition

While we do not currently offer a bug bounty program, we deeply appreciate the efforts of security researchers who help keep our platform safe.

What We Offer

  • Public acknowledgment of your contribution (with your permission)
  • A sincere thank you from our team
  • The satisfaction of helping protect our customers

Legal Safe Harbor

We consider security research conducted in accordance with this policy to be:

  • Authorized in accordance with the Computer Misuse Act 1990
  • Lawful and we will not pursue legal action against you
  • Good faith security research

We will not bring any legal action against researchers who discover and report vulnerabilities in accordance with this policy.

Security Best Practices

We maintain the following security measures to protect our systems and customer data:

  • Content Security Policy (CSP) implementation
  • DNSSEC for DNS security
  • HSTS preloading for HTTPS enforcement
  • Regular security audits and monitoring
  • Encryption of data in transit and at rest
  • Web Application Firewall (WAF) protection
  • DDoS mitigation across multiple layers
  • Regular security updates and patches

Contact Information

For security-related inquiries:

Security Email: security@jerrycanspirits.co.uk

General Contact: Contact Form

Company: Jerry Can Spirits® Ltd, United Kingdom

Related Policies

Privacy Policy - How we handle your personal data

Cookie Policy - Our use of cookies and tracking

Terms of Service - Terms governing use of our website

This Security Policy was last updated on 23 December 2025.

We may update this policy from time to time. We encourage you to review it periodically.