If you identify a security vulnerability on www.powkey.tech, we encourage you to contact us immediately. We take all legitimate vulnerability reports seriously and will work swiftly to resolve any issues. Before reporting, please review the following document, which includes our principles, bounty program, reward guidelines, and details on what should not be reported, to ensure a smooth process for protecting our customers shopping for lawn mowers, riding mowers, garden pumps, and home tools.

Principles

When reporting a security issue to Powkey Tech, please adhere to the following principles to ensure a positive, cooperative resolution. By following these principles, we will not initiate legal action or an enforcement investigation against you in response to your report:

  1. Give us time to assess and fix the issue: Please allow us a reasonable time frame to evaluate and resolve the reported issue before disclosing any details publicly or sharing them with others.
  2. Do not access or modify data without permission: Avoid accessing or altering data from individual accounts unless you have explicit consent from the account owner.
  3. Act responsibly: Always act in good faith, ensuring that your investigation does not cause privacy violations, service disruptions, or data degradation for Powkey Tech products.
  4. Do not exploit discovered vulnerabilities: Do not use any discovered security issues for any purpose, including demonstrating further risks or searching for additional vulnerabilities.
  5. Follow relevant laws and regulations: Ensure compliance with all applicable laws and regulations.

Bounty Program

We appreciate and reward security researchers who help us protect our customers by reporting vulnerabilities in our services. While monetary bounties are at Powkey Tech’s discretion based on factors like risk and impact, here’s how the process works:

Eligibility for Bounty:

  • Follow our principles (as listed above).
  • Report vulnerabilities that pose a real security or privacy risk to our services or infrastructure. (Not all bugs qualify as security issues, and Powkey Tech determines the risk level.)
  • Submit your report through our security contact channels. Do not contact employees directly.
  • If you unintentionally cause privacy violations or disruptions (e.g., accessing account data or confidential information), please disclose this in your report.
  • We investigate and respond to all valid reports, though responses may take time due to volume. Reports are prioritized based on risk and other factors.

We Reserve the Right to Publish Reports:

We may choose to publish reports, especially for those that help us improve security for our users.

Rewards

The reward amount depends on the impact of the vulnerability. Powkey Tech may update this program based on feedback, and we welcome suggestions for improvement.

To be eligible for a bounty:

  • Submit detailed reports with reproducible steps. Reports lacking sufficient detail to reproduce the issue will not be eligible for a bounty.
  • In case of duplicate reports, the first report that we can fully reproduce will be awarded.
  • If multiple vulnerabilities stem from a single underlying issue, we will provide one bounty.

Maximum Reward Amounts:

  • Critical Severity Vulnerabilities ($200): Issues that cause privilege escalation (e.g., remote code execution, financial theft).
    • Examples: Remote Code Execution, Vertical Authentication Bypass, SQL Injection, Full account access.
  • High Severity Vulnerabilities ($100): Issues affecting platform security or processes.
    • Examples: Lateral Authentication Bypass, Stored XSS, Local File Inclusion, Insecure cookie handling.
  • Medium Severity Vulnerabilities ($50): Issues affecting multiple users with minimal interaction required.
    • Examples: Insecure Object References, Business logic defects.
  • Low Severity Vulnerabilities (No monetary reward): Issues affecting single users requiring significant prerequisites or interaction.
    • Examples: Open Redirect, Reflective XSS, Information leaks.

Contact Us

For security vulnerability reports or any inquiries about your Powkey Tech products, our support team is available 24/7:

  • Phone: +1 (302) 495-3741
  • Email: team@powkey.tech
  • Mailing Address: 800 Capitol St, Houston, TX 77002, USA