Report Security Issues

🔐 Responsible Disclosure & Bug Bounty Policy

At AM Models & Toys, we take the security of our platform and our users seriously.
If you have discovered a potential security vulnerability in our systems, we appreciate your help in reporting it responsibly.
By adhering to the guidelines below, you help us maintain a safe environment for all users — and we assure you that no legal action or enforcement will be taken against you for responsible and ethical disclosure.

Responsible Disclosure Guidelines

To qualify for safe harbor and potential recognition or reward, please ensure you follow these principles:

  1. Allow reasonable time for us to investigate and resolve the issue before publicly disclosing or sharing details with any third party.
  2. Do not access or modify data belonging to others without explicit consent from the account owner.
  3. Avoid privacy violations and any actions that could disrupt services — including unauthorized data access, modification, or deletion.
  4. Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue. Please refrain from attempting to access confidential or sensitive company data.
  5. Comply with all applicable laws and regulations while conducting your research or testing.

Following these rules ensures both you and our users remain protected while maintaining a constructive disclosure process.

🏆 Bug Bounty Program

We highly value the contributions of ethical security researchers and offer monetary rewards for valid, impactful vulnerability reports at our discretion.
Rewards are determined based on the severity, impact, and quality of the submission.

Eligibility Requirements

To be eligible for a bounty, you must:

  • Follow all Responsible Disclosure Guidelines listed above.
  • Report a valid, previously unknown vulnerability that poses a security or privacy risk to AM Models & Toys, its users, or its infrastructure.
  • Submit your report through our official security contact channel (do not contact employees directly).
  • Immediately disclose any accidental access to private data or configurations discovered during testing.
  • Allow us reasonable time to review and remediate the issue before further discussion or disclosure.
  • Understand that response times may vary, as reports are prioritized based on severity.
  • Acknowledge that AM Models & Toys reserves the right to publish accepted vulnerability reports with appropriate researcher credit, where possible.

🎁 Rewards Breakdown

Bounty amounts are based on severity, reproducibility, and potential impact.
These represent maximum payouts; final amounts are determined at our discretion.

| Severity Level | Reward (Up To) | Examples |
|---|---|---|
| Critical | £200 | Remote Code Execution (RCE); Full account takeover; SQL Injection exposing sensitive data; Privilege escalation to admin |
| High | £100 | Cross-Site Scripting (XSS) affecting other users; Authentication or session bypass; Insecure session cookie handling; Local file inclusion |
| Medium | £50 | Logic or business process flaws; Insecure direct object references (IDOR); Authorization misconfigurations |
| Low | Discretionary | Open redirects; Reflective XSS; Minor information disclosure or header misconfigurations |

📋 Report Quality Expectations

To ensure your report is valid and eligible for consideration, please:

  1. Provide clear, detailed, and reproducible steps to replicate the issue. Incomplete or unclear submissions may not qualify.
  2. Understand that in the case of duplicate reports, only the first valid, reproducible submission will be eligible for a reward.
  3. Recognize that multiple issues from a single root cause may be treated as one vulnerability.
  4. Note that the final bounty decision depends on impact, exploitability, and overall report quality.

How to Report

If you believe you have found a security vulnerability, please contact us securely at:
📧 security@ammodelsandtoys.co.uk

Please include as much detail as possible — such as affected URLs, detailed reproduction steps, screenshots, or proof-of-concept code — to help us verify and address the issue efficiently.

Thank You

We sincerely appreciate your commitment to improving the security and integrity of AM Models & Toys.
Your responsible efforts help us maintain a safer experience for all users and customers.