Report Security Issues
At Lunaliame, we take website security and customer privacy seriously. If you believe you have discovered a security vulnerability on our website, we encourage you to report it to us responsibly so we can review and address the issue as quickly as possible.
This policy explains how security concerns should be reported, what behavior is expected from researchers, and how reports are reviewed.
1. Responsible Disclosure
If you find a possible security issue on Lunaliame’s website, please contact us before sharing the issue publicly or with any third party.
We ask that you give us reasonable time to investigate, verify, and fix the issue before making any disclosure.
Reports should be made in good faith and should not involve actions that harm our customers, website, business, systems, or data.
2. Research Guidelines
When testing or reporting a security issue, you must:
- Act in good faith
- Avoid accessing, modifying, deleting, or exposing customer data
- Avoid disrupting website performance or availability
- Avoid testing on private customer accounts without permission
- Avoid social engineering, phishing, spam, or physical attacks
- Avoid installing malware, viruses, or harmful code
- Avoid using the vulnerability for personal gain
- Comply with all applicable laws and regulations
If you accidentally access sensitive information, please stop immediately and include the details in your report.
3. How to Report a Vulnerability
To report a security concern, please contact us by email:
Email: contact@lunaliame.com
Please include as much detail as possible, such as:
- A clear description of the issue
- The affected page or URL
- Steps to reproduce the issue
- Screenshots or screen recordings, if helpful
- The potential impact of the vulnerability
- Your contact information for follow-up questions
Clear and complete reports help us investigate and resolve issues faster.
4. What We Review
We review legitimate security reports that may affect the privacy, safety, or security of our customers, website, or store operations.
Examples may include:
- Authentication or login vulnerabilities
- Exposure of sensitive customer information
- Payment or checkout security concerns
- Stored cross-site scripting affecting users
- Unauthorized access to private areas
- Serious configuration issues
- Other vulnerabilities that create real security risk
5. Issues That May Not Qualify
Some reports may not be considered valid security vulnerabilities.
Examples include:
- General spam reports
- Missing security headers without demonstrated impact
- Clickjacking on pages with no sensitive actions
- Rate-limit concerns without clear security impact
- Public information already available online
- Self-XSS requiring a user to attack themselves
- Browser autocomplete behavior
- Outdated software notices without proof of exploitability
- Social engineering or phishing attempts
- Denial-of-service testing or traffic flooding
We may still review these reports, but they may not require action unless a real security risk is demonstrated.
6. No Unauthorized Exploitation
You must not exploit a vulnerability beyond what is necessary to confirm and report it.
You may not use the issue to access private accounts, customer data, payment information, internal systems, or confidential business information.
Testing must stop immediately once the issue has been confirmed.
7. Report Review Process
After receiving a report, our team will review the information and determine whether the issue is valid, reproducible, and security-related.
We may contact you for additional details if needed.
Response times may vary depending on the complexity and severity of the issue, but we aim to review legitimate reports as quickly as possible.
8. Recognition and Rewards
Lunaliame appreciates responsible security reports that help protect our customers and website.
At this time, any recognition or reward is provided at Lunaliame’s discretion. A report does not automatically qualify for payment, compensation, or public recognition.
Reward decisions may depend on:
- Severity of the issue
- Real-world impact
- Quality of the report
- Reproducibility
- Whether the report followed this policy
- Whether the issue was previously known or already reported
9. Public Disclosure
Please do not publicly disclose any vulnerability until Lunaliame has reviewed and resolved the issue.
Unauthorized disclosure before we have had reasonable time to investigate and fix the issue may put customers and systems at risk.
10. Legal Safe Harbor
If you follow this policy and act in good faith, we do not intend to take legal action against you for reporting a legitimate security vulnerability.
This protection does not apply to activity that is harmful, illegal, abusive, destructive, fraudulent, or intended to access private data or disrupt services.
11. Contact Information
For security reports, customer support, website concerns, or general questions, please contact us:
Store Name: Lunaliame
Address: 109 High St, Northcote VIC 3070, Australia
Email: contact@lunaliame.com
Thank you for helping keep Lunaliame safe and secure.