Please contact us immediately if you discover any security vulnerabilities on our website.

At Picyso.shop, we take all valid security reports seriously and will act quickly to investigate and resolve any confirmed issues.

Before submitting a report, please review the guidelines below, which outline our core principles, bounty program, and non-eligible submissions.

SECTION 1 – CORE PRINCIPLES

Picyso.shop will not pursue legal action against individuals who submit vulnerability reports in good faith and in accordance with the guidelines below.

We kindly ask that you:

Allow Reasonable Time

  • Provide us sufficient time to investigate and resolve the issue before publicly disclosing it.

Respect User Privacy

  • Do not access, modify, or retrieve personal data from other users without explicit permission.

Act in Good Faith

  • Avoid actions that may cause harm, including service disruption, data loss, or privacy violations.

Do Not Exploit the Vulnerability

  • Do not use the vulnerability to gain unauthorized access or expose sensitive data.

Follow Applicable Laws

  • Ensure that your actions comply with all relevant laws and regulations.

SECTION 2 – BOUNTY PROGRAM

XBabyCar appreciates the efforts of ethical security researchers. We may offer monetary rewards for valid and impactful vulnerability disclosures.

Rewards are granted at our sole discretion based on:

  • Severity of the issue
  • Potential risk
  • Overall impact

To qualify for a bounty, you must:

  • Comply with our Core Principles (Section 1)
  • Report a valid security vulnerability that poses a real risk
  • Submit your report through our official contact channel
  • Report responsibly without further exploiting the issue

SECTION 3 – NON-ELIGIBLE SUBMISSIONS

The following reports do not qualify for rewards:

  • Spam, phishing, or social engineering unrelated to our systems
  • Missing SPF/DMARC records
  • Clickjacking on non-sensitive pages
  • Rate-limiting or brute-force issues without clear impact
  • Denial-of-Service (DoS) attacks
  • Issues requiring rooted or jailbroken devices
  • Vulnerabilities affecting outdated browsers or extensions

HOW TO SUBMIT A REPORT

If you identify a vulnerability, please contact us with detailed information:

📧 Email: support@picyso.shop

Please include:

  • Clear steps to reproduce the issue
  • Description of the potential impact
  • Any screenshots or supporting materials

CONTACT INFORMATION

📍 Address: 8334 Shaffer Pl, Littleton, CO 80127, USA
📱 Phone: (857) 314-1980
Email: support@picyso.shop