# Star Toner — security.txt (RFC 9116) # https://www.rfc-editor.org/rfc/rfc9116 Contact: mailto:security@star-toner.com Contact: mailto:info@star-toner.com Contact: tel:+34651788090 Expires: 2027-05-06T00:00:00.000Z Encryption: https://www.star-toner.com/pages/security-txt Preferred-Languages: es, en, fr Canonical: https://www.star-toner.com/.well-known/security.txt Policy: https://www.star-toner.com/policies/privacy-policy # About this file # Star Toner / CHICTRATEC S.L. welcomes responsible security disclosure. # Please report vulnerabilities affecting our website (star-toner.com), # our customer data, or our payment/order infrastructure to one of the # Contact addresses above. We will acknowledge receipt within 2 business days. # # Scope # In scope: star-toner.com and all subdomains, our Shopify storefront, # customer data handling, order/payment flow, transactional email. # Out of scope: third-party services (Shopify infrastructure itself, # Trustpilot, payment processors). Please report those to the respective # vendor's security team. # # Safe harbour # Good-faith vulnerability research that complies with this policy will # not be subject to legal action. Please: # - do not disrupt service # - do not access customer data beyond what is necessary to demonstrate # the issue # - do not retain customer data # - do not publicly disclose before we have responded # # Disclosure timeline (preferred) # 1. Initial report: send to the Contact addresses # 2. Acknowledgement: within 2 business days # 3. Triage and fix planning: 5-15 business days depending on severity # 4. Coordinated disclosure: typically 90 days from initial report