Vulnerability Disclosure

Notino takes data security seriously. We care about our users and their data. We gladly welcome any security report and we are investigating vulnerabilities and address identified problems if appropriate. Our Disclosure program encourages you to report any kind of security vulnerabilities.

Rules of our program

Please report the security issue to us without making it public at any point, inc. social media, mailing lists, message boards, discussion forums etc.

Please do not engage in security research that involves:

  • Potential or actual damage to users, businesses, people, systems, data or applications.
  • Violation of privacy rights or confidentiality of data.
  • Social engineering (including, but not limited to, phishing).
  • Disrupting or interrupting our services.
  • Port scans on our networks or executing DDoS attacks.

If you comply with the rules of our program we will not bring any lawsuit against you or ask law enforcement to investigate you, unless we have reason to believe that you did not act in good faith.

Rewards

We do not offer bug bounties or rewards. If we find your reported vulnerability useful and reproducible, we may add your name or alias to our acknowledgements page.

How to disclose vulnerabilities

Please send any vulnerability report you wish to disclose to bugbounty@notino.com. In the email please provide a brief description of following data:

  • What type of vulnerability you found?
  • How can we reproduce the vulnerability?
  • Who can use the vulnerability and benefit from it?

We gladly accept:

  • Screenshots
  • Logs
  • Etc.
Notino products
We guarantee 90-day returns
83,000 products
from 1,500 brands in our portfolio
Stores with e-shop prices in 8 countries