:||::||:
# Star Toner — security.txt (RFC 9116)
# https://www.rfc-editor.org/rfc/rfc9116

Contact: mailto:security@star-toner.com
Contact: mailto:info@star-toner.com
Contact: tel:+34651788090
Expires: 2027-05-06T00:00:00.000Z
Encryption: https://www.star-toner.com/pages/security-txt
Preferred-Languages: es, en, fr
Canonical: https://www.star-toner.com/.well-known/security.txt
Policy: https://www.star-toner.com/policies/privacy-policy

# About this file
# Star Toner / CHICTRATEC S.L. welcomes responsible security disclosure.
# Please report vulnerabilities affecting our website (star-toner.com),
# our customer data, or our payment/order infrastructure to one of the
# Contact addresses above. We will acknowledge receipt within 2 business days.
#
# Scope
# In scope: star-toner.com and all subdomains, our Shopify storefront,
# customer data handling, order/payment flow, transactional email.
# Out of scope: third-party services (Shopify infrastructure itself,
# Trustpilot, payment processors). Please report those to the respective
# vendor's security team.
#
# Safe harbour
# Good-faith vulnerability research that complies with this policy will
# not be subject to legal action. Please:
#   - do not disrupt service
#   - do not access customer data beyond what is necessary to demonstrate
#     the issue
#   - do not retain customer data
#   - do not publicly disclose before we have responded
#
# Disclosure timeline (preferred)
#   1. Initial report: send to the Contact addresses
#   2. Acknowledgement: within 2 business days
#   3. Triage and fix planning: 5-15 business days depending on severity
#   4. Coordinated disclosure: typically 90 days from initial report