NZ

AU

Skip to content

GoSweetSpot Vulnerability Disclosure Policy

Effective Date: 9 July 2026

GoSweetSpot takes the security of its systems and customer data seriously. We welcome reports of genuine security vulnerabilities and appreciate information that helps us improve the security of our services.

Reporting a Vulnerability

Please report suspected security vulnerabilities to:

[email protected]

When submitting a report, please include:

  • A description of the issue.
  • The affected product, service, API, or endpoint.
  • Steps to reproduce the issue.
  • Relevant supporting information, such as screenshots or proof-of-concept examples.
  • The potential impact of the issue.

Security Testing Requires Prior Approval

GoSweetSpot does not authorise security testing of its systems without prior written approval.

This includes, but is not limited to:

  • Vulnerability scanning.
  • Penetration testing.
  • Injection testing.
  • Fuzzing.
  • Exploit development or validation.
  • Automated security assessment activities.
  • Active probing intended to identify security weaknesses.

The availability of public websites, APIs, sandbox environments, test environments, or demo systems does not constitute permission to conduct security testing.

Responsible Reporting

If you become aware of a potential vulnerability, please:

  • Report it promptly.
  • Limit any activity to what is necessary to identify and describe the issue.
  • Avoid accessing, modifying, exporting, or retaining data that does not belong to you.
  • Avoid publicly disclosing the issue until GoSweetSpot has had a reasonable opportunity to investigate and address it.

Reports We May Not Respond To

GoSweetSpot does not operate a bug bounty programme.

Submission of a report does not create any entitlement to compensation, recognition, or a response.

We may decline to acknowledge or respond to reports that:

  • Do not identify a genuine security vulnerability.
  • Relate solely to missing security headers, software versions, cipher preferences, TLS grades, configuration observations, or similar findings generated by automated tools.
  • Describe theoretical issues without a demonstrated security impact.
  • Request payment before sufficient details are provided to validate a reported issue.
  • Are otherwise determined to be low-value, informational, or non-actionable.

Terms of Use

Use of GoSweetSpot systems and services is subject to our Terms of Trade and any applicable API Terms. Unauthorised security testing and other prohibited activities may result in suspension, restriction, or termination of access.

Nothing in this policy grants permission to access, test, probe, scan, or otherwise interact with GoSweetSpot systems beyond their intended and authorised use.

GoSweetSpot reserves the right to modify this policy at any time.

give me data that I can import to themify builder to have same styling as the above markdown

Ready to boost your business by sorting all of your shipment needs in the sweetest spot?