Pix-Star Vulnerability Disclosure Policy
Pix-Star takes the security of our products and services seriously. We recognize that responsible security researchers and customers play an important role in identifying and reporting potential vulnerabilities. This policy describes how to report security issues to us and what you can expect in return.
Scope
This policy applies to:
- Pix-Star digital picture frames
- The Pix-Star web dashboard
How to Report a Vulnerability
If you believe you have discovered a security vulnerability in one of our products or services, please notify us as soon as possible by sending an email to: security@pix-star.com
Please include as much detail as possible to help us understand and reproduce the issue, such as:
- The product, software version, or service affected
- A description of the vulnerability and potential impact
- Steps to reproduce the issue
- Any supporting materials (e.g., screenshots, proof-of-concept)
After investigating and validating a reported vulnerability, pix-Star will strive to create an appropriate remedy, if it believes a remedy is required. A remedy may take the form of:
- a new product release, patch, or update that will resolve the security issue or avoid it
- additional guidance customers may use to provide protection against the reported issue(s) in the affected product(s).
What to Expect from Us
- Acknowledgment: We will acknowledge receipt of your report within 7 calendar days.
- Assessment: We will investigate and assess the reported issue.
- Updates: We will provide updates at least every 90 days, or sooner if significant progress is made.
- Resolution: We aim to address confirmed vulnerabilities within 90 days of initial acknowledgment, where feasible.
Our Expectations of You
- Act in good faith and avoid actions that could harm Pix-Star users, systems, or data.
- Do not access, modify, or delete data that does not belong to you.
- Do not publicly disclose a vulnerability before Pix-Star has had a reasonable opportunity to investigate and release a fix.
Legal Notice
This policy does not grant permission to perform security testing outside the scope defined above, and it does not provide a legal safe harbor. Researchers remain responsible for complying with all applicable laws.
