Security Vulnerability Disclosure Program
Jukebox Print is committed to maintaining a secure and trusted platform. If you discover a potential security issue within our website, tools, or services, please report it responsibly so we can investigate and resolve it.
Security contact:
Email security@jukeboxprint.com with full details of the issue.
How to report a security issue
When reporting a vulnerability, please include as much detail as possible so our team can validate and reproduce the issue efficiently.
- A clear description of the issue
- Step-by-step reproduction instructions
- Relevant URLs, parameters, or payloads
- Screenshots or proof-of-concept material where applicable
- Your contact information
What happens next
- We aim to acknowledge receipt of your report within 3 to 5 business days.
- Our team investigates and validates the findings.
- Confirmed issues are prioritized based on severity and impact.
- We follow up once remediation is complete.
Compensation
Jukebox Print may offer compensation for valid, responsibly disclosed vulnerabilities. Rewards are determined based on severity, impact, exploitability, scope, and report quality.
Financial compensation is strictly limited to critical vulnerabilities that demonstrate a direct compromise of user data or core infrastructure. Minor configuration issues and low-impact findings are not eligible for bounty payouts.
Compensation is offered at our sole discretion and typically applies only to issues that have not been previously reported or internally identified.
Scope
- www.jukeboxprint.com
- Core application subdomains directly owned and operated by Jukebox Print
- Customer-facing web applications and tools
- Public APIs where applicable
Subdomains hosted on third-party platforms or legacy marketing properties that are not under active operational control by Jukebox Print are excluded unless explicitly confirmed in writing.
Out of scope
- Social engineering or phishing
- Physical attacks or onsite testing
- Denial of Service testing
- Bulk automated scanning that causes disruption
- Testing third-party services not controlled by Jukebox Print
- Low-impact issues such as missing HTTP security headers
- SPF, DKIM, or DMARC record configuration issues
- Clickjacking on pages that do not contain sensitive actions
- Issues that require unrealistic user interaction or non-standard browser configurations
Responsible disclosure guidelines
- Avoid accessing, modifying, or deleting customer data.
- Do not exploit vulnerabilities beyond what is required to demonstrate impact.
- Do not publicly disclose findings until remediation is complete.
- Conduct testing in a way that does not degrade performance or disrupt service availability.
Safe harbor
Jukebox Print will not pursue legal action against researchers who act in good faith, follow this policy, and avoid causing harm, data exposure, or service disruption.
Questions
For clarification or coordination, contact security@jukeboxprint.com.



