Security and Vulnerability Disclosure
Last updated: [15 July 2026]
Reporting a concern
Security researchers, clients and users can report a suspected vulnerability to info@stylux.uk with the subject ‘Security Report’. Include the affected URL or service, a clear description, reproduction steps and potential impact. Do not include unnecessary personal data, credentials or live customer records.
Responsible testing
Do not access, alter, retain or disclose data that is not yours; disrupt services; conduct denial-of-service testing; use social engineering; send malware; perform high-volume automated scanning; or publish a vulnerability before Stylux has had a reasonable opportunity to investigate and remediate.
Our response
Stylux will triage good-faith reports, seek clarification where necessary, investigate proportionately and communicate material progress where practicable. We do not promise payment or a particular remediation date. Good-faith research conducted within this policy will not ordinarily be pursued by Stylux, but this statement cannot authorise activity prohibited by law or by third-party systems.