Security & Responsible Disclosure

Last updated: 8 September 2025

We take the security of our platform and customer data seriously. If you believe you’ve found a vulnerability in any Uncover Britain service, please report it so we can fix it quickly and safely.

How to report

Email: hello@uncoverbritain.com
Subject: Vulnerability report

Please include:

  • Clear steps to reproduce

  • Affected URL/endpoints and any request/response samples

  • The impact you believe is possible

  • Screenshots or a short video (if helpful)

  • Your contact details and whether you’d like public credit after it’s fixed

We aim to acknowledge reports within 3 business days and keep you updated at least weekly until resolution. We’re not running a bug bounty at this time, but we’re happy to credit researchers (with your consent) once a fix is deployed.

Scope

In scope:

  • https://www.uncoverbritain.com/ and sub-pages

  • Any Uncover Britain–owned subdomains or web endpoints we directly operate

Out of scope (examples):

  • DoS/volumetric attacks or rate-limit brute forcing

  • Social engineering/phishing or attacks against staff, partners, or customers

  • Physical security or third-party platforms (e.g., payment processors, hosting/CMS)

  • “Best practice” findings without concrete security impact

  • Self-XSS or issues requiring a compromised device/browser

If unsure whether something is in scope, email us first.

Rules of engagement

  • No data exfiltration beyond the minimum to demonstrate impact

  • No service disruption or degradation

  • Use your own accounts/test data where possible

  • Do not access other users’ data; if encountered, stop, don’t save it, and report immediately

  • Follow applicable laws and this policy

Provided your research follows these rules, we won’t pursue legal action and will consider your testing authorised for responsible disclosure.

Fix timelines (guideline)

We prioritise by severity/impact. Critical issues are addressed as quickly as possible; lower-risk issues may be batched into scheduled releases. We’ll share status updates and, where appropriate, planned timelines.

Thank you for helping keep Uncover Britain secure.