Report a Security Issue

At KeyOutlet, we take the security of our platform and our customers’ information very seriously. If you believe you have discovered a potential security vulnerability on our website or systems, we encourage you to report it to us as soon as possible. All legitimate reports are reviewed carefully, and verified issues are addressed promptly.

Before submitting a report, please review the guidelines below.

🔐 Reporting Fundamentals

If you follow the principles outlined here when reporting a security issue to KeyOutlet, we will not initiate legal action against you for your report.

We ask that you:

Allow us reasonable time to investigate and resolve the issue before disclosing it publicly.

Do not access, modify, or interact with another user’s account or data without explicit permission.

Make a good-faith effort to avoid privacy violations, data loss, or service disruption.

Do not exploit the vulnerability for any reason, including attempts to access sensitive data or demonstrate further impact.

Comply with all applicable laws and regulations while conducting your research.

🏆 Bounty Program

We appreciate the efforts of security researchers who help us keep our systems safe through responsible disclosure.

At KeyOutlet’s discretion, monetary rewards may be offered based on factors such as the severity, impact, and quality of the report.

To be eligible for a bounty, you must:

Follow the reporting fundamentals listed above.

Identify a valid security or privacy vulnerability within our platform or services.

Submit your report via our Contact page or by email (please do not contact individual employees directly).

Clearly disclose any accidental access to sensitive or private data.

Allow sufficient time for us to investigate and resolve the issue.

Verified reports may be published (without sensitive details) to promote transparency and security awareness.

🎯 Reward Guidelines

Rewards are determined based on the severity and potential impact of the vulnerability, as well as the clarity and reproducibility of the report.

Critical Severity — up to £200

Remote code execution

Privilege escalation from user to administrator

SQL injection exposing sensitive data

Full account access vulnerabilities

High Severity — up to £100

Authentication bypass

Exposure of confidential business information

Persistent cross-site scripting (XSS)

Local file inclusion vulnerabilities

Medium Severity — up to £50

Logic flaws affecting multiple users

Insecure object references

Low Severity — Recognition Only

Open redirects

Reflective XSS

Minor information disclosure

We aim to maintain fairness, consistency, and transparency in all bounty decisions.

📩 Contact Information

If you believe you have discovered a security issue, please contact us immediately:

KeyOutlet
📧 Email: support@keyoutlet.co.uk
📞 Phone: +441414292531
📍 Address: 26 West St, Kinning Park, Glasgow G5 8LP, United Kingdom
🕒 Business Hours: Monday – Friday: 8:00 AM – 6:00 PM | Saturday: 8:00 AM – 12:00 PM

Thank you for helping keep KeyOutlet secure.